Become a Human Firewall: 12 Non-Technical Security Tips

table of contents

What is a Human Firewall?

Cyber security measures are essential for all organisations. The importance of effective software security (e.g., firewalls, antimalware protection, and password protection) and hardware security (e.g., hardware firewalls, proxy servers, locked doors, and CCTV systems) in preventing cyber security violations is well-documented.

However, technical security measures are only one component of an effective cyber security “shield”. Alongside a system firewall, you also need to implement and maintain an effective “human firewall”. A human firewall is a collection of practices that members of an organisation follow in order to maintain security.

According to a study by IBM, a staggering 95% of cyber security breaches are a result of human error, rather than software or hardware failure. Every member of an organisation has an important role to play to keep the human firewall strong, and neglecting this responsibility can have hugely detrimental effects on an organisation as a whole.

In this article, we will explore 12 non-technical security tips that make up a strong human firewall. By following the steps outlined, not only will you be protecting yourself—you will also be protecting your co-workers and your organisation.

1. Keep your desk clean and lock up

Keeping your workspace tidy and well-organised is not just important for making your working environment more pleasant—it also has security benefits. Paper documents on your desk may contain sensitive information such as passwords or customer details. These documents should be stored out of sight of others, ideally in a lockable drawer or cabinet. Organisations should also have procedures for locking these away and who has access to keys.

Alternatively, sensitive information can be kept on digital notes apps on work devices (this also has environmental benefits!). Wherever sensitive information is kept, it should be secure, and be deleted when no longer needed. Encrypting information can also add an extra layer of security, as long as the key to decrypt it is accessible to those authorised to access that information.

All of the above also applies to working from home—other members of your household should not be able to access sensitive information, and it certainly shouldn’t get lost around the house.

2. Tailgating

Tailgating refers to when people attempt to gain access to restricted spaces by following others through doors.

Always make sure when letting somebody else in the building that they are authorised and go through the reception first. Remember—not all employees have authorisation to access the same areas of the building! Don’t let anybody in behind you and make sure nobody is following you when accessing the building. If you are suspicious of anybody, discreetly report this to security.

3. Keep devices secure

All work devices, whether a PC, laptop, tablet, or mobile phone, should be attended or otherwise hidden in a secure place. When you leave your desk, lock your devices and their screens with a secure password. This also applies when you are working from home or commuting.

Always keep a check on the equipment you have and make sure to keep portable devices locked away out of the open. It only takes one opportunist to take your laptop whilst you’re away making a quick coffee!

4. Choose a strong password

When creating a password, adhere to your organization’s policy, always use a pass vault, and make sure you can remember it. Phrases can help with reminding yourself, as long as they aren’t too clear to a potential perpetrator. The name of your pet, partner, or favorite sports team is not a great idea for a password!

5. Think before you click

Email is a common route for cyber attackers to gain access to organisations’ systems. To reduce your chances of falling prey to phishing scams and other threats, always double check before you click a link or attachment in an email—even if it is from somebody you know! Hover over links to make sure the website is legitimate and look for any spelling mistakes or errors. If the link differentiates from a familiar one, don’t click on it.

If in doubt, always double check with your IT provider or department. If somebody you know sends a suspicious link or attachment, you can even call them (on a previously verified number) to check.

6. Don’t be overheard

When discussing potentially sensitive information, always consider where you are and who can hear you. Even in the office, some co-workers may not be authorised to hear this information.

When taking important phone calls, make sure the room is empty and there is nobody listening on the other side of the door. Not only could they be eavesdropping, but they could also use man-in-the-middle attacks to sit in the middle of your communication.

7. Be wary of shoulder surfing

“Shoulder surfing” is when someone looks over your shoulder at your screen without your permission. Not only is this nosy and rude—it is also a potential security issue! This can happen in the office or if you are working from home or using work devices in public.

To avoid sensitive information being seen by unauthorised people, you can change the angle of your screen, use privacy screen filters, or even work in a different room if you are working with sensitive information.

8. Never charge your device using public USB sockets

Public USB sockets may seem convenient if you are working away from the office, but there are actually significant security risks of using them to charge work devices. Hackers can actually modify public USB sockets so that they harvest information from devices plugged in, or even install malware or tracking software onto these devices!

Examples of USB sockets to avoid include those in airports, rental cars, trains, libraries, cafes, and more spaces accessible to members of the public.

9. Never plug an unknown USB flash drive into a device

As with public USB sockets, USB flash drives can also be modified to harvest information or install malware. Hackers have deliberately left USB flash drives lying around near offices for employees to pick up and plug into their devices. If you see a mysterious USB device in or near your workplace, report it to security.

In fact, the cyber security industry generally considers it best practice to avoid using USB sticks at all—as well as the danger of using a malicious USB stick, it is also easy to lose your own USB sticks (and any information stored on them). When using a USB stick is necessary, make sure it is password protected and/or the information stored on it is encrypted. It should also be kept physically secure so unauthorised individuals cannot access it.

10. Avoid using public networks

Wi-Fi networks are a particularly common access point for cyber attackers. When working in the office, you will most likely be using your organisation’s network. However, if you are using work devices in public, such as at a library, café, or on a train, this won’t be accessible.

While public Wi-Fi networks may seem a convenient way to get online when out-of-office, they can be used by attackers to access your information or even control your device itself. Avoid using public networks wherever possible, and if using one is absolutely unavoidable then you should use a reliable VPN to encrypt your network data. If in doubt, ask your organisation’s IT team about recommended VPNs and how to use them.

11. Always follow your organisation’s procedures and policies

Your organisation should have procedures and policies in place to make sure that security is tight. It is every staff member’s responsibility to learn, understand, and follow these procedures at all times. These policies are in place for a reason—to protect you, your co-workers, and the organisation as a whole.

You should also make sure you know who to get in touch with if you have any questions relating to security, or if you suspect any potential security threats or encounter any incidents. Communication is key!

12. Think before sharing information—even with co-workers

Not everybody in your organisation needs to know every piece of information. Internal information varies per department and should not be shared unless deemed appropriate or necessary in order to carry out a specific objective.

The fewer people who know a piece of information, the less the chances of information being leaked. Information leaks can happen accidentally through human error, or even deliberately by (for example) a disgruntled employee. Always think before you speak, and make sure you are talking to somebody who needs to know that particular information. When sharing sensitive information via email, mark it as confidential so that the recipient knows not to share it.

Conclusion

A strong human firewall is made up of many people. Every member of your organisation should be educated on how to stay secure. Regular training and teaching of best practices are highly recommended.

At a time when digital threats are becoming increasingly sophisticated, prioritising our security in all aspects of our lives is paramount. By implementing the non-technical security tips outlined in our blog, you have taken a proactive step towards safeguarding your personal information and digital well-being.

In line with our commitment to your security, we recommend additional resources to enhance further your understanding of privacy, security and the ever-evolving landscape of digital threats. We encourage you to explore the following blogs:

people holding shield to protect servers containing personal data

This insightful blog delves into the intricate relationship between privacy and security. It offers a nuanced perspective on protecting your personal information and maintaining your privacy. You will find valuable insights and practical tips to navigate the complex terrain of online security.

Read the full article

MALWARE _what it is, how it works, and how to avoid it_Feature image 2

This blog is an excellent resource for staying updated on the latest malware threats and understanding their potential impact. It provides in-depth analysis, preventive measures, and mitigation strategies against various types of malicious software. By equipping yourself with knowledge about malware, you can actively protect yourself and your digital assets.

Read the full article

We believe that empowering yourself with knowledge is the first and most crucial step in fortifying your online security. By exploring these additional resources, you will be better equipped to navigate the digital landscape confidently and make informed decisions to protect your privacy and security.

We remain dedicated to providing valuable insights and information to help you stay safe in an ever-changing digital world. Subscribe to our monthly newsletter and stay updated with Overt Software Solution's monthly insight.

Subscribe today!

Remember—it’s better to err on the side of caution and be safe rather than sorry! If you have any doubts about anything, or suspect any potential security threats, contact your IT department.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
tve_leads_unique	1 month	This cookie is set by the provider Thrive Themes. This cookie is used to know which optin form the visitor has filled out when subscribing a newsletter.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
c3po.jpg	Session	This pixel tracker, set by metricool.com, collects data on the user’s navigation and behaviour on the website. This is used to compile statistical reports and heatmaps for the website owner.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook as part of their embedded services on our websites (likes, sharing etc.).
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
ClientId	1 year	No description available.
li_gc	2 years	No description
OIDC	6 months	No description available.
OutlookSession	session	No description available.
tl_1206_1206_4	1 month	No description
tl_544_544_1	1 month	No description