Antivirus programs like Norton or McAfee are effective cybersecurity measures, but a human firewall is the best approach to cybersecurity.
That’s because missteps by humans – not flaws in antivirus software – are often the cause of data breaches.
With October being Cybersecurity Awareness Month, ABC7 asked John Joyce, co-owner of CRS Technology Consultants, to discuss the concept of a human firewall. During the Tech Bytes segment, John explained that each of us plays a significant role in cybersecurity – not just in October, but all year.
“It can’t just be an October thing,” John says. “Every single day, security has to be first in our minds.”
When Cybersecurity Awareness Month was created in 2004, people were using flip phones. Today’s smartphone doubles as a computer, but many don’t treat their phone as a computer when it comes to security.
“Every single day, we carry these devices in our pockets,” John says. “Twenty years ago, most people’s computer experience lived on a single table at home and maybe a desk at work. Now, it follows us everywhere we go, every transaction.”
What is a human firewall
The federal Cybersecurity & Infrastructure Security Agency clearly defines a firewall, which can be hardware and software.
“Firewalls provide protection against outside cyber attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet. Firewalls can be configured to block data from certain locations (i.e., computer network addresses), applications, or ports while allowing relevant and necessary data through.”
So what is a human firewall? It is a way that we can use personal knowledge to defend against potential attacks.
There are a few common mistakes that lead to cyberattacks and data breaches:
- Clicking a link in a spam text or email.
- Opening an attachment that contains a virus.
- Verifying our bank account number over the phone.
- Entering credit card information on a sketchy website.
- Using a public computer or public Wi-Fi to do online banking or social media.
A case study: Social engineering
Social engineering is a term used to describe a range of malicious activities that originate with human interactions and behaviors. It’s a new type of phishing. In terms of cyberattacks, hackers are combing through websites, social media profiles and online comments to learn about their victims.
“There are all of these things that we put out there that seem like harmless information, but when used the wrong way, can be used to steal your identity,” John says.
Case in point: the fall 2023 cyberattack on MGM Resorts International.
“The would-be hackers looked on LinkedIn and found the name and information for some employees, and called the help desk,” John says. “They basically said, ‘I’m John Doe and I forgot my password.’ The problem was that IT believed them, reset the password and the hackers were in.”
The breach forced MGM to shut down some casino and hotel computer systems at properties across the U.S. to protect data, ABC noted.
One way to thwart social engineering is by minimizing the amount of personal information we post online.
“All of the technology was in place, all of the security measures were in place… the humans failed the system,” according to John.
Businesses can avoid social engineering cyberattacks if both employees and the IT help desk always have their guards up. All companies – large and small – should partner with an IT company for security, especially those with employees who access the network, server or email remotely.
CRS Technology Consultants recommends that businesses have a secret code that only employees and the IT company know. It can be a word, phrase or number. John likens it to a secret knock or code word we used as children to get into the treehouse.
Artificial intelligence can now clone voices, so if the voice on the other end sounds familiar, that doesn’t necessarily mean you know the individual.
Many people incorrectly assume hackers only target businesses in hopes of a mega payday. However, cybercriminals realize it’s easier to hack a human than to hack a computer or a big corporation; that’s why they’re going after us.
“We have those big, large-scale incidents where there are big dollars on the line, but that doesn’t mean that we can afford to put our guard down,” John says. “While going after MGM Grand could be worth millions or more, if you go after a million people and get $100 from each of them, you’ve now printed a lot of money.”
Staying safe digitally
Recognizing the most common scams helps individuals hone their human firewall capabilities.
For instance, hackers purporting to be the U.S. Postal Service have been asking people to verify their mailing address. When they click the link, though, they visit a page where they literally type information directly into a cybercriminal’s system.
Another common text scam claims to be from Amazon saying an account has been suspended. It’s not. It’s a scammer trying to expose vulnerabilities.
Social engineering comes into play for another common scam. Cybercriminals send emails that claim to be from the boss asking employees to buy gift cards, then send the card numbers and PINs. Another involves fake invoices that appear to come from a company’s real clients. Again, these are fake. Usually, the email address is a sequence of letters and numbers – not the company’s domain name.
Homeland Security’s Cybersecurity & Infrastructure Security Agency lists 4 steps to stay safe online:
- Use strong passwords: make each one so complex that no one can guess it.
- Turn on Multi-Factor Authentication (MFA): this encrypts the data so that even if hackers gain access, what they see is unusable.
- Recognize and report phishing: know how to spot a scam and alert your IT provider.
- Update software: Apple, Microsoft and other tech companies invest billions into security and issue frequent updates or patches that protect you and your devices. Download them when prompted.
“It’s all about hacking the human,” John advises. “Make it harder for them to do that.”