The Human Firewall

Strengthening Cyber Resilience through Awareness

The world of cybersecurity is no longer just about technology. It’s increasingly about people. The concept of building a human firewall has become a key element in ensuring the security of businesses, irrespective of size. As the Enstep Team put it, “Building a human firewall is the most effective way to protect your network systems from cyber attacks. Human error is the number one cause”.

Why Does Human Behaviour Matter in Cybersecurity?

Human mistakes are a significant cause of data breaches and cyber attacks. Employees, usually unintentionally, can become the Achilles' heel of a company's security setup. Knowing this, attackers use tactics such as deceptive emails (phishing) and impersonation of trusted people (pretexting) to trick employees into revealing sensitive details or clicking harmful links.

To counteract this threat, businesses must nurture a culture of cybersecurity awareness. Jessica Groopman from Kaleido Insights emphasises the importance of a holistic approach to training, stating, “To build a strong human firewall, companies must provide extensive education, simulation, training and relevance to workers. Security awareness training should not only take place in the context of the company’s core product or service, but in employees’ specific roles and metrics”.

Elements of Strong Cybersecurity Awareness Programmes

A robust cybersecurity awareness programme should consist of these essential elements:

  • Education and Practice: Teach employees what current threats look like and how to recognise and avoid them. Regular training, simulated phishing exercises and awareness campaigns all prove valuable.
  • Guidelines and Processes: Businesses need clear guidelines and processes that tell employees how to handle sensitive information correctly and what to do when they suspect a security incident (who to tell, and how).
  • Motivation and Rewards: Use rewards, recognition and other incentives to encourage employees to follow best practices and to report suspected incidents, including their own mistakes, promptly.

How to Set Up a Cybersecurity Awareness Programme

Setting up a cybersecurity awareness programme involves a comprehensive approach:

  1. Risk Evaluation: Carry out a risk assessment to identify your business's vulnerabilities and the types of cyber threat you are most likely to encounter.
  2. Planning: Create a plan that includes education, guidelines and motivation strategies.
  3. Implementation: Roll out the plan to all employees, providing continuous training and support.
  4. Evaluation: Measure the programme's effectiveness (for example, click and report rates from simulated phishing exercises) and assess its impact on your business's security posture.
  5. Ongoing Improvement: Cyber threats continually evolve, so your cybersecurity awareness programme must keep pace. Regularly reassess your risks and adjust your programme as needed.
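The Evaluation step above is where programmes most often stay vague. The following is an added worked example, not code from the original page or from any of the sources it cites, showing how the results of a simulated phishing exercise can be turned into the metrics a programme owner would actually track: click rate, credential-submission rate, report rate, median time to first report, the same figures per department, and the set of people who clicked in every campaign. All event records, user names, departments and field names are constructed for illustration and do not follow any vendor's export format.

```python
"""Scoring simulated phishing campaigns to evaluate an awareness programme.

Added example, not from the original page. All data below is constructed;
the record layout (user, campaign, event, seconds_after_delivery) is an
assumption, not any phishing-simulation product's real export format.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median
from typing import Optional

# Constructed sample: one row per user action during a simulated campaign.
# event is "click" (opened the lure link), "submit" (typed credentials into
# the fake login page) or "report" (forwarded the mail to the security team).
EVENTS = [
    ("alice", "q1", "report", 120),
    ("bob",   "q1", "click",  300),
    ("bob",   "q1", "submit", 340),
    ("carol", "q1", "click",   90),
    ("carol", "q1", "report", 600),   # clicked first, then reported it
    ("dave",  "q1", "report",  45),
    ("erin",  "q1", "report",  30),
    ("bob",   "q2", "click",  200),   # clicked again in the next campaign
    ("carol", "q2", "report",  50),   # improved after q1
    ("dave",  "q2", "click",  400),
    ("erin",  "q2", "report",  20),
]
# Everyone who received the lure. Recipients who did nothing still count in
# the denominator, otherwise the rates flatter the programme.
RECIPIENTS = {
    "q1": {"alice", "bob", "carol", "dave", "erin", "frank"},
    "q2": {"alice", "bob", "carol", "dave", "erin", "frank"},
}
DEPT = {"alice": "finance", "bob": "finance", "carol": "sales",
        "dave": "sales", "erin": "it", "frank": "it"}


@dataclass
class CampaignScore:
    click_rate: float
    submit_rate: float
    report_rate: float
    median_report_seconds: Optional[float]   # None if nobody reported
    by_dept: dict                            # dept -> {"click_rate", "report_rate"}


def score_campaign(campaign, events=EVENTS, recipients=RECIPIENTS, dept=DEPT):
    """Per-campaign metrics. A user counts once per metric however many times
    they acted; time-to-report uses each user's first report only."""
    users = recipients[campaign]
    clicked, submitted, reported, report_times = set(), set(), set(), []
    for user, camp, event, t in events:
        if camp != campaign:
            continue
        if event == "click":
            clicked.add(user)
        elif event == "submit":
            submitted.add(user)
        elif event == "report":
            if user not in reported:
                report_times.append(t)
            reported.add(user)
    per_dept = defaultdict(lambda: {"n": 0, "clicked": 0, "reported": 0})
    for u in users:
        d = per_dept[dept[u]]
        d["n"] += 1
        d["clicked"] += u in clicked
        d["reported"] += u in reported
    by_dept = {k: {"click_rate": v["clicked"] / v["n"],
                   "report_rate": v["reported"] / v["n"]}
               for k, v in per_dept.items()}
    n = len(users)
    return CampaignScore(
        click_rate=len(clicked) / n,
        submit_rate=len(submitted) / n,
        report_rate=len(reported) / n,
        median_report_seconds=median(report_times) if report_times else None,
        by_dept=by_dept,
    )


def repeat_clickers(campaigns, events=EVENTS):
    """Users who clicked in every listed campaign: the group that needs
    targeted, role-specific follow-up rather than another generic module."""
    clicked_in = defaultdict(set)
    for user, camp, event, _t in events:
        if event == "click":
            clicked_in[camp].add(user)
    return set.intersection(*(clicked_in[c] for c in campaigns))


if __name__ == "__main__":
    for camp in ("q1", "q2"):
        s = score_campaign(camp)
        print(f"{camp}: click {s.click_rate:.0%}, submit {s.submit_rate:.0%}, "
              f"report {s.report_rate:.0%}, median first report {s.median_report_seconds}s")
        for d, m in sorted(s.by_dept.items()):
            print(f"    {d}: click {m['click_rate']:.0%}, report {m['report_rate']:.0%}")
    print("repeat clickers:", sorted(repeat_clickers(["q1", "q2"])))
```

Two design choices matter here. Rates are computed over everyone who received the lure, not just those who reacted, so a quiet campaign does not look like a successful one. And the report rate and median time to first report are tracked alongside the click rate, because a falling click rate alone says little: what the security team needs is a fast report from the first few recipients so the real campaign can be contained before most people have opened it.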

Stephen Moramarco of Infosec encapsulates the ethos of this approach well: “A so-called ‘human firewall’ is a concept in security awareness that empowers a team to fight against hackers in a proactive as well as reactive manner”. In essence, by focusing on cybersecurity awareness and enabling employees to act as a first line of defence alongside technical controls, businesses can substantially reduce their risk of data breaches and cyber attacks.


Sources

  1. Enstep Technology – Building a Human Firewall for Cybersecurity
  2. TechTarget – The Human Firewall's Role in a Cybersecurity Strategy
  3. KPMG Advisory Services – Human Firewalling
  4. Infosec Resources – How to Create a Human Firewall

Equip yourself with the knowledge to protect yourself against cyber threats. Enrol in my course, Information Security Awareness: An Introduction for UK SMEs.