Human Firewall

Setting up employee notifications within Metomic

Did you know 95% of data breaches involve a human element? Using Metomic, security teams can enable employees to protect sensitive data themselves with real-time and dynamic notifications in SaaS apps.

How Oyster used Metomic automations to educate their team

Keep collaborating in SaaS apps, while protecting your sensitive data

Give employees the real-time tools they need to minimise their own data risks. Building your human firewall doesn't have to mean compromising productivity.

Notifications

Automate Slack notifications to employees when they breach your data policies.

Reminders

Send automatic reminders to employees if data they shared in the past has left unnecessary risk.

Real-time

Move beyond monthly, quarterly, or yearly security training. Deliver it continuously, when it's needed.

Our Customers Love us

We're trusted by security teams worldwide

"Easy integration. It is as simple as a few clicks (and the Metomic onboarding process is excellent, too, as the team guides us through the process)."
Philippe Cartier
Kantox

"We use Metomic to uncover sensitive company data and prevent it from being shared or residing in places it shouldn't. It's a really great supplement where technical controls that could be our frontline of defense don't exist."
Colin O'Shea
Wrapbook

"Metomic provides an excellent, easy-to-navigate interface with the necessary features to help keep our workspace secure."
Stephen Droner
Wrapbook

"Immediately, especially for the Google Workspace document sharing, Metomic has paid for itself sevenfold."
Hatitye Chindove
Zappi

Frequently asked questions

  • What is the human firewall and why is it important?

    The human firewall refers to your employees who act as a barrier to security risks like phishing and social engineering attacks.

    They follow best practices in cybersecurity to ensure the business is protected and keep the security team updated with any suspicious activity they’ve noticed.

    What could a human firewall defend against?

    Phishing

    Phishing attacks have become increasingly sophisticated in recent years, with scammers pretending to be well-known companies in order to persuade individuals to share sensitive data.

    According to IT support company AAG-IT, 323,972 internet users were victims of phishing attacks around the world in 2021.

    More recently, Reddit announced it had suffered a data breach due to a phishing attack that included ‘plausible-sounding prompts’ pushing employees towards a website that imitated their intranet portal.

    Making sure your employees can spot a phishing attack is key.

    Baiting

    Similar to phishing, baiting lures people in with the promise of free goods, or involves leaving items like USBs lying around to appeal to people’s curiosity.

    Once the victim has handed over their details or plugged the USB into their computer, the malicious actor takes advantage and installs malware onto their device.

    Keeping your employees updated on the techniques scammers might use can really help here.

    Scareware

    Scareware is designed to look deceptively helpful: it claims that a virus has been detected on an employee’s computer and encourages them to download software to rectify the issue. In fact, this software is itself malicious, giving the criminal behind the attack access to data on the computer.

    Ensuring your company’s computers are covered by anti-virus software, and educating your employees on the alerts they should pay attention to is a great way of combatting scareware.

    Pretexting

    With a heavy focus on manipulation, pretexting involves someone acting as an employee’s manager or another senior colleague to pressure them into giving information out. Pretexting lays the groundwork for any of the above tactics like phishing.

    If any of your employees are asked to take specific actions like letting in a delivery driver or giving an IT person access to your system.

    What a human firewall is not

    A human firewall is not the responsibility of one person or team - it’s a collective effort which involves every employee within the organisation. It’s also not built with annual security training that is easily forgettable.

    A human firewall requires continuous training that’s integrated with an employee’s role so they understand how it fits within their responsibilities.

    Why do you need a human firewall for SaaS apps?

    There’s a danger around employees sharing sensitive data for the sake of speed, rather than out of any malicious intention.

    In our recent webinar on the human firewall, Christopher Russell, CISO at tZERO, said that sharing sensitive data in SaaS apps could stem from employees thinking, “I’ll just share this in Slack, then delete it and it’ll be fine.”

    The difficulty with this is that the modern workspace moves so quickly that if that person then forgets to delete that piece of information, it could live in Slack indefinitely. What if your Slack channels were then hit with a data breach? That information could easily fall into the wrong hands.

    On the other hand, you don’t want to slow your colleagues down or block them from doing their jobs entirely.

    “You have to be an enabler for the business to meet their deadlines and not have this process that makes sharing these things arduous,” Chris continues. “If you make it painful, not feasible, or inefficient, they will work around that. With the amount of SaaS tools out there, it’s really hard to monitor them all. You have to give them an easy, no-brainer way, so you can at least keep it in that one lane.”

    Using a data discovery tool like Metomic in this sort of scenario can help you to get visibility over all your SaaS apps from one dashboard so you can detect sensitive data being shared, and act early when it comes to insider threats too.

    How to create & strengthen your human firewall

    There are a few ways you can start to create your human firewall:

    Make yourself known

    If people don’t know who you are and what your role is in the company, they won’t think to include you in crucial decisions and discussions. Or they may not know who to approach about any security concerns. Making yourself known to all your colleagues can alleviate this.

    Be available in the moment

    Although it may be difficult, making yourself available when someone is worried about security issues can make all the difference. Once they know you’re able to help, people will begin to trust you and come to you when they suspect something is wrong.

    Strengthen it with interactive sessions that are tailored for each team

    Generic security training just won’t cut it anymore. Engaging content that relates to a particular team’s job can improve the attention paid to your presentation.

    Help each team to see how they’re connected to the bigger picture. For instance, if your customer service team are sharing sensitive customer data with each other in Slack regularly, you may want to alert them to the fact that if the company suffered a data breach, this information could put customers at risk.

    Use automation to put the power in their hands

    You won’t be able to fix every problem yourself, and putting the responsibility back on individual employees will help to maintain a security-aware culture. Jonathan Jaffe, CISO at Lemonade, suggests trying “to automate as much of the responsibility and notification of the issue to the person who raised the issue. If you can automate a response that notifies them in nearly real-time of the issue, there’s proximity which increases learning and retention.”

    Don’t overwhelm your employees

    If you can, try to spread security awareness training out over a few weeks rather than giving people all the information in one go. You could do this with a mixture of short videos and in-person tutorials, so that not all of your time is spent training your team.

    Get buy-in from your leadership team

    Another key point highlighted in our webinar was the importance of getting buy-in from your leadership team when it comes to building your human firewall.

    The time, cost and resources dedicated to security training can be a barrier for security experts who need to convince senior members of the team that it’s worth the investment.

    The most important thing is to speak to the leadership team in a language they’ll understand. “Speak in terms of risk, and metrics they understand like ARR or MRR,” says Chris. “For example, it cost us this much, or this many work days, or this person’s entire week.”

    Put your team’s security education on autopilot

    With a tool like Metomic, you’re able to continuously educate your employees on your security policies with custom notifications. See how we’ve helped companies like TravelPerk to do the same here.
