5 Traits of a Human Firewall

Trait 1: Thinking Before Clicking
Phishing continues to be the top strategy in every cybercriminal’s playbook. Many attacks are generic and easy to spot thanks to their poor grammar or nonsensical messaging. But other phishing campaigns feature advanced techniques like email spoofing, where the attacker attempts to impersonate individuals the victim is familiar with, such as a legitimate business associate, a friend, a co-worker, or a manager. A strong human firewall identifies all potential phishing attacks by thoroughly inspecting emails before taking action, by treating requests for sensitive data or money with skepticism, and by never assuming a message is safe just because it comes from a familiar sender.

Trait 2: Practicing Situational Awareness
Situational awareness means minding your surroundings and using common sense. When accessing a secured area, always ensure no one slips in behind you—an attack known as tailgating. Did you know a messy desk could be a security risk? By keeping an organized workspace, you lower the chances of misplacing badges, keycards, flash drives, and other important items like confidential documents. When traveling or working away from the office, always keep an eye on your belongings and use extreme caution when accessing highly sensitive information in public. Make sure no one can look over your shoulder to see your screen. Physical security is just as important as cybersecurity, and it’s made possible by practicing situational awareness.

Trait 3: Protecting Access
As a valued member of our organization, you have been granted access to various computers, networks, data, and buildings or offices. That access is considered a privilege and it’s your responsibility to protect it, both digitally and physically, at all times. Protecting digital access means never sharing login credentials with anyone for any reason, using strong unique passwords for all accounts, and knowing what type of data may be shared publicly versus data that must remain private. Protecting physical access means never allowing someone to borrow your keycard or badge, locking workstations when not in use, and shredding confidential documents when no longer needed.

Trait 4: Reporting Incidents Immediately
Preventing security incidents represents the human firewall’s most important role. Properly responding to incidents when they occur comes in as a close second. The term “incident” can refer to any situation that threatens our organization’s security. A door left open; an unknown individual hanging around; a phishing email; a suspicious package—these all represent examples of potential incidents that must be reported immediately. Timely reporting allows organizations to investigate what happened, warn other employees, and take prompt action to mitigate damages.

Trait 5: Always Following Policy
Policies exist to ensure that everyone does their best to protect the security and privacy of employees, clients, partners, and business associates. Circumventing policies, whether intentionally or unintentionally, puts our entire organization at risk. And while we require that you know and follow our policies at all times, we also encourage you to ask questions when you’re unsure of something. Strong human firewalls never make assumptions and they ask for help whenever they need more information.

*5 Traits of a Human Firewall is attached and available for download.*