It might sound inconceivable to some, but one of the most significant and preventable causes of companies falling victim to cybercrime is when employees themselves circumvent the firewall. Now, why would anyone do that?
Picture an accountant, working busily away, trying to get hold of some last-minute data to complete a report that is already running late. The accountant can’t connect to the database in order to generate said report, because of a firewall block. So, the accountant right-clicks the icon and selects “disable” and opens the file. Done.
Some might shrug and say, “It was only off for a few minutes, and it helped the accountant get work done.” But a few minutes – even a few seconds – in cybersecurity terms, is an eternity. Bots that seek out open ports are a constant threat. It’s never a matter of playing the odds.
Others might shrug and say, “It’s not the accountant’s problem. It’s an IT issue.” But this separation of roles and responsibilities is an anachronism and a really bad habit. In any organization, cyberhygiene, as it is now called, is everyone’s business, since everyone is inextricably connected through their devices.
Often, the act of disabling a firewall is something done by frustrated individuals who just want to get their work done without technology getting in the way. Imagine another person trying to log in to a video conference that is happening now. The meeting requires a downloadable app, but the firewall won’t let it through. They do what they must to solve their immediate problem.
Sometimes, however, it might be the IT manager, especially if they’re old-school, set in their ways from back in the day. If this person is the sole IT manager for one or more small businesses, like a one or two-person professional services firm, they might actually opt out of a software firewall altogether and buy the most basic and least expensive antivirus product that doesn’t even include any enhanced protection, “because it doesn’t interfere with our software.” These people might not be fully aware that viruses are no longer the primary threat. Malware, ransomware, social engineering, phishing, spear phishing, and data theft need better protection.
Government offices, hospitals, public schools and other chronically underfunded institutions might also opt for the lowest priced solution possible, erroneously assuming that appropriate protections are priced out of reach. They also perceive that the rules needed for managing competing products could be nightmarish on a network. So, a lot of times it just gets turned off, or a lax policy is put in place, just so people can work while the understaffed IT department can go about their usual day.
There is No Five-Second Rule
In the world of cybersecurity, there is no five-second rule. For example, most of us have played the game of quickly retrieving a snack that has fallen onto the floor. We will snatch it up and consume it anyway, claiming that the “five-second rule” will protect the food from contamination. This, of course, is patently false, as most of the people who lay claim to such a rule already know. Bacterial food contamination happens immediately, and it is actually our own immune systems that bear the responsibility of keeping illness at bay.
To extend this analogy, a compromised immune system can easily result from inadequate sleep caused by overwork and stress. When an immune system is compromised, that is the human equivalent of a firewall being turned off. The potential for infection skyrockets, since illness-causing agents try to attack the human body with every breath we take, everything we eat and everything we touch.
The Ounce of Prevention
The parallel between the five-second food rule and network security should be obvious. Just like a virus, ransomware quickly and voraciously spreads through a corporate network. With food and even handwashing hygiene, we have learned about the costs of human infection: sick time, leaves of absence, project delays, errors made through fatigue and distraction, the cost of hiring temporary replacements. Empathy aside, companies recognize that sickness costs. It is clearly far more cost-efficient to proactively promote hygiene than it is to deal with the effects of ignoring it.
A two-way firewall is a solid line of defense that should never be disabled. To drive this message home, end users must:
- be made aware of the dangers of cheating the firewall,
- receive support for respecting firewall and cybersecurity policies from their managers and admin staff,
- receive guidance from these same support people. They need to know it’s not OK to cheat the system, and that it is OK to call IT for a quick filter adjustment, if necessary,
- hear from IT and network security staff in a language and context that they can more easily understand.
Messaging should be phrased in the language of WIIFM (what’s in it for me?). People might not care if their IT tech is having a panic attack over a disabled firewall. But they will pay greater attention and will respect the rules much more willingly if they see how adoption of the rules will actually benefit them individually.
The New Solution: Intuitive Learning
ESET’s intuitive “Learning Mode” helps configure firewall rules. This is a machine learning-based approach that creates and saves rules as they are established. This means, from an end-user perspective, that the firewall’s own software learns by doing, making the task much easier and less threatening to time-starved staff. Here’s an example of how “Learning Mode” works:
- A user is trying to open a program, but it is being blocked.
- The user calls IT, who assesses the situation and deems the program to be benign and trustworthy.
- The IT officer then sets the computer’s ESET policy — via centralized management — to “Learning Mode” and says “Okay; try now.”
- The user says “Yep. It works now.”
- The IT officer then imports the new rule and applies it as a policy to the network, then re-enables “Automatic Mode” on the user’s machine.
Learning Mode does not by itself prevent the firewall from being manually shut off. What it removes is the need for IT admins to “figure out” which ports need opening and which application executables require an exception rule. In that way it frees IT to proactively block users from shutting off the firewall, because the work needed whenever an adjustment is required is greatly reduced.
To prevent shutting off the firewall, a policy has to be enforced on the network, which is also done from within ESET’s centralized management system.
Since Learning Mode enables IT to quickly and easily solve the formerly onerous problem of creating port or application exclusion rules, a supplemental policy can be safely applied to further improve the network’s security by blocking the user-level ability to disable the firewall altogether. By doing so, it becomes IT’s responsibility—not the end user’s—to distinguish which exceptions are safe and which need to be brought to the attention of higher management.
The True Weak Link: People
In describing this failure of the firewall, it should be obvious that the firewall is often not to blame. It’s a perfectly valid technology, disabled manually due to its perceived inconvenience. Simply saying, “I’m not in that department,” leads to a complacency that has no place in the borderless cyber scenarios of modern business. As a parallel example, it might be the person operating the forklift in a warehouse who accidentally creates an entry point for thieves by propping a door open or disabling an alarm.
But as much as employees need to be trained in proactive cyberhygiene, IT admins, too, must become more approachable. When a person is actually afraid to bother IT, they are more likely to take things into their own hands, which leads to a whole new set of problems.
Modern cyber-defense depends heavily on open communication on all sides, paired with the appropriate, up-to-date technologies. An IT manager must understand what end users must deal with and vice versa. The solution is equal parts technical and human, but the necessity of network completeness, with no holes or lapses, is vital.
Are You Prepared?
“The companies that survive are the ones who are prepared.”
If the big MSP / Cloud Service Provider who holds your company data gets hit by ransomware or data theft, are you prepared?
Steve Prentice specializes in the place where human and technology meet. With a background in organizational psychology and project management, he works with IT industry leaders like SAP, CA Technologies and Cisco, as well as with their customers. He consults, manages projects, delivers keynotes, and teaches at a Toronto-area university (UOIT).