4 min read

Enforcing The Human Firewall

Nov 26, 2018 10:30:00 PM

By Alma Pranoto


The greatest threat to cybersecurity is human error. 

“We need to educate the end user in how to be safe and how to be aware" C.J. June - Paladin Data Corp

According to Experian's Managing Insider Risk Report, up to 60% of surveyed companies had a data breach in 2016, as a result of uninformed and negligent employees. This negligence can come in the form of opening unknown links, downloading unknown attachments and uploading personal and company information into a seemingly friendly site. These human errors are prompted by social engineering, where hackers take advantage of human behaviour to successfully manipulate the target into disclosing confidential information. 



Consider these situations:

1. One of your new interns copies an operational report onto a personal USB stick with the intent to develop his understanding of your company's customers. This report contains details of your company's customers, their contact details and profiling to better equip your company with marketing your products to the right clients. The intern then takes this USB stick and places it into the right pocket of his jacket. He then quickly makes his way to his train which is packed with the 5 pm rush. Unknowingly, this unencrypted USB is hanging out of his pocket and is easily taken by a stranger. By the time this intern realised his USB is missing, the thief had long been gone and who knows what they will do with the sensitive information. 

2. Your service-desk staff is busy and overwhelmed by the never-ending calls from difficult customers. Then she receives a call from an anxious employee of the company who states that he is desperately in need of his password which he had allegedly forgotten. The staff member, weary after a strenuous and lengthy explanation from the caller, finally gives in. Having successfully tricking the staff member, the caller confidently walks through the company firewall and disrupts your data. 

The above situations are preventable, but it requires the right steps to achieve security awareness within the workplace. 


how Drivelock can help

1. With DriveLock's Security Education, you and your employees will be able to access a range of topics such as:

  • how to handle data,
  • how to report unusual behaviour,
  • the smart use of personal devices (BYOD),
  • how to navigate business and personal use of Email, Internet and Social Media, 
  • how to adhere to the EU General Data Protection Regulation (GDPR) and more. 
These E-learning modules are accessible from the control centre console with new monthly content which comes in the form of engaging videos, text and interactive multimedia. 

Your users are your last line of defence. Don't just train your employees, with DriveLock's holistic multi-layer-concept you can create a security awareness culture in your company. 

2. DriveLock's Application Control prevents unknown applications to run on your system and runs application whitelisting with AI. 

3. Add an extra layer of protection by managing the extent of data your employees can access with DriveLock's Device Control. Why?

Case study: Bupa's 2017 data breach leaked the personal details of more than 500 thousand of its customers. The culprit? A "rogue" employee. This employee was able to steal the names, date of birth and emails of the customers to be sold on the dark web. An ICO investigation concluded that Bupa did not have effective control over its CRM system and was, therefore, left vulnerable to be taken advantage of by employees. 

4. Disk and File Encryption provides your data with the security measure required so that in the case of stolen devices or unanticipated user action, the data becomes unintelligible to these unauthorised users. 


Interested in how DriveLock's Application and Device Control solutions can work for you?

Try our free 30-day trial or contact our experts for more information, we will be happy to assist! 


Free Download




Alma Pranoto
Written by Alma Pranoto