Edition 1 - Engagement and Training: Boosting the Human Firewall
Cyber security isn't just about tools and systems. Engaged and confident people play a major role in protecting our organisation and making it safer and harder to compromise. This series invites you to boost your essential cyber security knowledge and reinforce best practices in our workforce. Together, we can continue building a positive security culture where everyone feels responsible for protecting our data.
Key Focus: Engagement and Training
The National Cyber Security Centre (NCSC) identifies 'Engagement and Training' as a core component of a resilient organisation. Our people are our strongest asset, provided they have the right knowledge and are engaged with security best practices.
The NCSC advises that staff training and engagement should be continuous and cover acceptable, secure use of an organisation's systems. This isn't just about avoiding mistakes; it's about actively contributing to our collective defence.
This month, we're focusing on simple habits that help everyone stay alert, make safer choices, and strengthen our 'human firewall.'
Why This Matters
Effective engagement and training transform employees from potential vulnerabilities into active participants in an organisation's security posture. While technical solutions are crucial, staff are often the first and most effective line of defence against attacks.
However, human error remains a leading cause of breaches and incidents. Most cyber incidents start with a human action, whether a rushed click, a reused password or a reply to a message that 'looks legitimate.' Attackers rely on speed and distraction, but strong engagement and basic training reduce these risks.
Building awareness across the organisation helps us:
- identify suspicious activity earlier;
- respond faster; and
- reduce the impact of an incident.
Current Threats We're Seeing
The Human Element
People remain a primary target for criminals. Phishing attacks in the UK remain at high levels and are becoming increasingly sophisticated, targeting individual weaknesses and a lack of awareness.
Impersonation Attacks
Attackers often pose as colleagues, partners or senior leaders. They copy email signatures and writing styles, and may use urgency to provoke quick reactions.
Common signs include:
- unexpected requests for information;
- pressure to act immediately; and
- slightly incorrect email domains.
These attackers also use techniques like social engineering and exploit remote and hybrid working, where less secure home networks broaden the attack surface.
The attacks which affected major retailers like M&S and Harrods are textbook examples of impersonation attacks that leverage social engineering. In a coordinated campaign, attackers (Scattered Spider) bypassed technical security by exploiting the human element.
By impersonating employees, they tricked IT staff into resetting the credentials of legitimate user accounts and gained unauthorised access to internal corporate systems. This access was then used to deploy ransomware, leading to major disruption, including the suspension of online orders and the theft of customer data.
Phishing
The most common entry point for cyber threats is still the simple email, and phishing is the most well-known type of attack. It is a deceptive tactic where attackers try to trick you into revealing sensitive information like passwords. They often mimic trusted sources, like senior management, IT support, or well-known companies.
Types of Phishing
| Type | Description | Key Indicator |
|---|---|---|
| Standard phishing | A broad attack, often sent to many people via bulk email. | An email with a generic greeting ('Dear customer'), an urgent tone and an unusual sender address. |
| Spear phishing | A targeted attack aimed at a specific individual or team. | An email that references internal projects, specific colleagues or personal details. |
| Whaling | A highly targeted attack aimed at senior executives or management. | High-level requests, often about confidential company information or urgent payments. |
Quick Tip: Stop, Look and Check!
Before clicking any link or downloading an attachment, follow these three simple checks:
- Stop: Take a breath. Does the email request something unusual, urgent or too good to be true?
- Look at the sender: Check the sender's full email address and not just the display name. Does it exactly match the expected domain (e.g. '@itm.uk.com')? Be sure to hover your mouse over the sender's name to reveal the full email address and check for subtle misspellings (e.g. '@itn.uk.com').
- Check the link: Hover over the link (without clicking it!). A small preview of the destination URL will appear (usually at the bottom of your screen). If the URL looks suspicious or doesn't match where you expect to go, steer clear and don't click it.
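As an added illustration (not part of the newsletter), the following Python script applies the 'Look at the sender' and 'Check the link' steps automatically to a constructed message: it compares the real sender domain against the organisation's domain, flags near-miss lookalikes, and reports links whose visible text names a different host from the one they actually open. The domain 'itm.uk.com' comes from the example above; the sample message, the lookalike URL and the function names are assumptions made for the demo.

```python
import re
from urllib.parse import urlparse

# The organisation's genuine domain, taken from the newsletter's example.
EXPECTED_DOMAIN = "itm.uk.com"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str, expected: str = EXPECTED_DOMAIN) -> list[str]:
    """'Look at the sender': judge the real address, not the display name."""
    findings = []
    m = re.search(r"<([^>]+)>", from_header)          # address inside <...>, if any
    address = (m.group(1) if m else from_header).strip()
    domain = address.rsplit("@", 1)[-1].lower()
    if domain != expected:
        if edit_distance(domain, expected) <= 2:       # one or two characters off
            findings.append(f"lookalike sender domain '{domain}' (expected '{expected}')")
        else:
            findings.append(f"external sender domain '{domain}'")
    return findings

def check_links(html: str) -> list[str]:
    """'Check the link': the visible text must name the same host as the href."""
    findings = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        target = (urlparse(href).hostname or "").lower()
        shown = re.search(r"[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}", text, re.I)
        if shown and shown.group(0).lower() != target:
            findings.append(f"link text shows '{shown.group(0)}' but points to '{target}'")
    return findings

# Constructed sample (assumption): the display name looks right, the real domain
# is one letter off, and the link's visible text does not match where it goes.
SAMPLE_FROM = "IT Support <helpdesk@itn.uk.com>"
SAMPLE_BODY = ('<p>Reset now: <a href="https://itm-uk-com.example.net/reset">'
               'https://itm.uk.com/reset</a></p>')

if __name__ == "__main__":
    for finding in check_sender(SAMPLE_FROM) + check_links(SAMPLE_BODY):
        print("WARNING:", finding)
```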
Passwords and MFA: Simple Ways to Strengthen Security
Use Long Passphrases
Your password is the primary lock on your digital door. Avoid weak, easy-to-guess passwords. Longer, memorable passphrases, such as three random words together, are stronger and easier to remember than short, complex passwords. It isn't about complexity; it's about length. A long passphrase is much easier for you to remember and far harder for attackers to crack.
Click the link to try the different passwords in the table below and see how long it would take a computer to crack!
https://www.security.org/how-secure-is-my-password/
| Instead Of... | Try... | Why It Works |
|---|---|---|
| Arsenal2025! | BlueSky-Over-London-25th! | It's easy to remember, and uses random words and symbols for maximum length. |
| MyPetName1 | I-Hate-Tuesdays-But-Love-Coffee | It uses a memorable sentence, making it long and unique. |
Don't Reuse Passwords
Never use the same password for company and personal accounts. A password reused across multiple platforms means a single compromise puts every account that shares it at risk.
Turn On Multi-Factor Authentication (MFA)
MFA is the most effective way to prevent account takeover attempts. Even if an attacker steals your password, the extra authentication blocks unauthorised access. It works by requiring two or more verification methods to prove you are who you say you are, such as:
- Something you know, like your password; and
- Something you have, like a code from an authenticator app, a text message, or a security key.
If Something Doesn't Look Right
Ultimately, a single oversight, like a missed phishing email or a weak password, can compromise an entire organisation.
If you get an email or request that seems suspicious, do not:
- reply;
- click any links; or
- download and open any attachments.
Inform your designated IT security team or line manager immediately, providing as much detail as possible about what happened, and only delete it after the security team advises. Remember, remaining aware and reporting these emails is key to a swift and effective response.
Your constant vigilance and help in detecting and blocking threats before they can cause harm across the business is the human firewall that protects us all.
Learn More
Let us know your thoughts in the comment section below or visit the NCSC's 10 Steps to Cyber Security for more cyber security guidance.