Why the key to effective Cyber Security Protection lies within your Human Firewall


This article takes a look at the role that the human firewall plays in the protection against increasing cyber security threats. With annual losses of UK organisations to cybercrime now exceeding £1bn, it is critical we all take the threat seriously.

Cyber Security has been a hot topic for many years and many organisations, of all shapes and sizes, were already realising the need to protect against the threat even before Covid shook the world and the lockdowns hit.

The move to remote working and the digitalisation of many processes within businesses has meant that suddenly cyber security has shot up the agenda for most organisations. This is particularly true because cyber criminals are continually finding new ways to hack into organisations, steal valuable data and attack vital infrastructures. With annual losses of UK organisations to cybercrime now exceeding £1bn, it is critical we all take the threat seriously.

How to effectively combat Cyber Security Threats

The first thing to consider here is that although technology tools and software can help protect against the threat of cyber-attacks, they cannot work effectively alone. Most cyber security breaches are not caused by glitches or weaknesses in technology; they are caused by human error. So, although you may have firewall protection that your IT department has put in place to protect your organisation, it is pointless if it doesn’t work in tandem with your human firewall.

What is a human firewall?

Put simply, a human firewall is every employee within your organisation, from the very top to the very bottom. Every day, employees, management, directors and stakeholders require access to systems and technologies in order to carry out their jobs, whether a laptop, PC, tablet, phone, terminal or central system. Every member of staff provides a potential digital route into your business for a hacker. It only takes a single mistake, such as leaving access open, lax password security or clicking on a suspicious link, to give cyber criminals an open door to digitally enter your organisation and cause chaos. What’s more, it is not uncommon for the victim to be completely oblivious to the fact that they have just opened the floodgates.

How do we establish a human firewall?

The first step in establishing an effective human firewall is to raise awareness of the issue of cyber security amongst all staff, along with best practice and the importance of their individual role in ensuring they and their employing organisation stay digitally secure.

The only real way this awareness can be instilled into your team is through training. However, this does not mean getting an expert in to present classroom style to departments in an organised schedule. The key to effectively establishing a human firewall is raising awareness through training in a way that ensures every member of staff wants to change their behaviour and improve the “security culture” of both themselves and the organisation. After all, as employees their data is just as valuable as that of customers, subscribers, stakeholders and suppliers. Once a data breach has occurred, the knock-on effect can significantly impact everyone within the organisation.

What will creating a human firewall achieve?

Cyber criminals and hackers are active 24/7. They are continually trying different ways to penetrate organisations because they understand the high value that lies within all organisational data. However, as an organisation you cannot control or stop this. You may, through firewall protection and other technologies, be able to reduce the number of security breach attempts that take place, but there will always be new ways found to circumvent the protection measures in place. Clearly, new software can never pre-empt a virus which hasn’t yet been created.

What the human firewall achieves is changing the way organisations operate internally. It cannot control the external activities of what cyber criminals are doing or planning, but it can influence the processes, procedures and culture to better protect against potential security breaches. This means even if a breach does occur, it can be identified and isolated quickly before it causes any real damage to the organisation.

How to implement organisation-wide Cyber Security awareness training

We have already identified that in order for the training to be effective it has to stimulate a desire to change behaviours. The old adage of “if you always do what you have always done, you will always get what you always got” is very true here. Unless you can stimulate change, your training, and ultimately your other security protections as well, will prove pointless.

Meritec’s Cyber Security Awareness digital learning course has been built in conjunction with cyber security specialists Stupa Infosec. Although cyber security is their core area of specialism, they undertook great research into how best to formulate a training programme that instigates a change of behaviour within the learner. In fact, co-founder of Stupa Infosec, Ashish Shrestha, has written a whole white paper on how the course itself was developed and why.

What Ashish found in his research was that the course needs to target the part of the brain that makes “logical decisions” (which also controls feelings, values and emotions). This ultimately helps to change “mindset”. He also found that this was not suited to traditional presenter-led verbal training – the method which most existing cyber security training courses follow.

Why is interactive digital learning more effective?

Digital learning courses have many benefits over existing alternative training methods. As well as scalability, cost, reach, availability and flexibility, the key reason why they are more impactful for the audience is that the mix of media helps to grab the learner’s attention and taps into their emotions. Ultimately digital learning courses are fun, entertaining and engaging – and by default memorable. Another significant benefit is that the learner absorbs the information at their own pace (in bite-sized chunks of information), is more likely to retain it and can revisit the course at any time for reference or refresh.

This is key to ensuring that the information is retained, creating an awareness which in turn generates a different outlook that influences behaviours and actions. The cyber security awareness course is particularly effective because there is as much personal gain for learners through the training, in terms of their own personal online security outside of the workplace, as there are organisational benefits for the employer.

How is digital learning rolled out across an organisation?

The beauty of digital learning courses is that they can be rolled out in a controlled manner across an organisation, irrespective of its size and scale. Stupa Infosec teamed up with Meritec because they recognised Meritec’s experience and high reputation for e-awareness courses, which already exist across a number of subject areas covering personal wellbeing, organisational wellbeing and digital wellbeing.

Meritec’s digital learning courses can be completely branded in your own style with supporting messaging from a CEO or Director. From within the administration dashboard you can upload the email addresses of learners (in a controlled departmental manner if you wish), who are then invited to engage with the course. The platform also shows who has completed the course and shows corporate and departmental statistics.

The courses are hosted on Meritec’s cloud-based Learning Management System and delivered through a SaaS model. From a user perspective, the course is available 24/7 and can be accessed as many times as they like.

If you’d like to learn more about our digital learning platform, contact our friendly team, who will be happy to demonstrate exactly how it can benefit your organisation in helping you to create an effective human firewall.