3 Critical Elements for Building an Effective Human Firewall

As required by section 13402(e)(4) of the HITECH Act, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) must post a list of breaches of unsecured protected health information (PHI) affecting 500 or more individuals. What can you do to protect your organization’s PHI? How can you ramp up your firewalls in a season of escalating attacks? Today, your employees are exposed to sophisticated phishing and ransomware attacks at an alarming rate. Many phishing attacks no longer have malware, malicious links in the email, or come from erroneous email addresses. As hackers remove these variables from their phishing campaigns, perilous emails are landing in your employees’ inboxes. The uptick in social-engineered hacks has caused a significant shift in focus on the human firewall. "Human firewall" refers to end users or employees being a solid line of defense against attempts to compromise your organization or system. Old school security awareness training is no longer useful in protecting end users from accidentally opening the door to a potential threat that can cause a data breach.

Three critical elements on which you should focus on developing your human firewall are as follows:

1. Ensure that your people care about cybersecurity: Don’t just push information to your employees and expect them to absorb it. You must help them understand why cybersecurity matters and why it is relevant to them. However, in the event there is a cybersecurity incident, avoid making the environment feel like a punishment.
2. Build awareness and knowledge: It’s critical to design a program that matches your culture but also requires employees to be on continuous alert.
3. Measure and monitor: It is essential to measure employee awareness, attitudes, knowledge, and motivation to evaluate the effectiveness of your approach.