Cyber breaches happen almost every day. While many assume the cause is a technology failure or software gap, human error accounts for almost 31% of the success of these attacks.
We have all heard of the well-known companies that have experienced highly publicized breaches.
They had controls in place to flag malicious attempts at network access. However, as we see in all cases, the human element continues to create vulnerabilities for all companies regardless of shape and size.
From missing updates, patching, and misconfigurations to access management and technology use, there is one common denominator that plays a major role in every aspect of security: the human factor.
We tend to focus on speed or overlook details, which can mean skipping steps and opening ourselves up to risk. We need to understand that every employee is essentially an extension of the computer system.
While we have computer firewalls set up to block unauthorized access, the interaction between employees and their computers doesn't have the same automated controls, unless your credit union leverages a human firewall.
A human firewall is the personal or emotional side of protecting one’s network. It focuses on security awareness training at all levels of the organization.
These awareness programs train employees to become hyper-sensitive to vulnerabilities they can identify, and to reduce risk where software cannot monitor.
Here are seven tips to help you develop an effective human firewall program for your credit union:
1. Hold a monthly phishing exercise. This will help create your baseline of awareness.
2. Compare the responses and “emotion patterns” between departments, executives, and managers.
3. Share the results internally as a group, with specific examples, so everyone can learn from each other.
4. Have employees set up phishing scenarios based on previous results and focus on a preselected group that falls victim to a specific type of “emotion.”
5. Collect metrics, such as click-through responses, data submission, or response rate, to develop a personal training program with the teams or personnel that have a high percentage of repeat offenders.
6. Realize that repetition is key. Send constant and consistent messages to personnel as often as possible as a reminder that employees are the first line of defense.
7. Make it fun. Consider calling these exercises “phishing expeditions” and award a “trophy” to the department that reports the highest percentage of phish attempts.
The investment made in a human firewall and expanded security awareness training will pay dividends over time by reducing risks associated with human error.
Protect your employees and members by investing in your human firewall today.