Human firewall: best practices to prevent cyber attacks


Due to the pace of digitalization, it’s more important than ever to have a strong defense against cyber attacks. That’s where the human firewall comes in!
A human firewall is someone who is aware of the dangers of the internet and takes steps to protect themselves and their company from being hacked.

There are three lines of defense when it comes to cybersecurity: prevention, detection, and response. The human firewall is responsible for all three. By being proactive and educating yourself on the latest threats, you can prevent attacks before they happen. If an attack does occur, you can quickly detect it and take steps to mitigate the damage.

So how do you become a human firewall? Everything starts with understanding the three lines of defense and being vigilant against phishing scams (the most common form of cyber-attacks). You should also make sure your software is up-to-date and that you’re using strong passwords. 

Furthermore, being aware of cyber threats and acting as a human firewall is the perfect skill to leverage synergies.

As an employee, you can train yourself to be a human firewall by learning about cybersecurity threats and implementing security policies, which can drastically improve your company’s security!

The Importance of a Human Firewall

What Is a Human Firewall

A human firewall is the last line of defense against cyber attacks. They are responsible for stopping attacks that make it past the outer layers of security, such as firewalls and antivirus software.

The Human Firewall in Action

The human firewall is responsible for identifying and stopping attacks that exploit vulnerabilities in hardware or software, such as phishing scams and malware. They do this by using their knowledge of how cyber attacks work to identify suspicious activity and prevent it from happening.

Human Firewall – A Company Asset

Know the Three Lines of Defense

You are the first line of defense against cyberattacks and are responsible for the prevention of cyber-attacks. You need to be aware of the different types of attacks and how to protect yourself. Phishing attacks are one of the most common types of attacks. They are attempts by attackers to trick you into giving them your personal information, such as your username and password. To protect yourself from phishing attacks, you should never click on links in emails or texts from people you don’t know. If you think an email might be a phishing attack, you can forward it to your company’s IT department or security team for analysis.

Another type of attack is malware. Malware is software that is designed to damage or disable computers. It can be installed on your computer without your knowledge and can cause serious problems, such as stealing your personal information or destroying data on your hard drive. To protect yourself from malware, you should keep your antivirus software up-to-date and run regular scans for malware on your computer. You should also be careful about what websites you visit and what files you download. Only download files from trusted websites and avoid clicking on links in emails or texts from people you don’t know.

Your company’s security team and IT department are the second and third line of defense against cyberattacks. They are responsible for protecting the company’s network and data from attacks. To do this, they use a variety of tools, including firewalls, intrusion detection systems (IDS), and encryption technologies. They also create policies and procedures to prevent employees from accidentally exposing the company to risk. As an employee, you need to follow these policies and procedures to help keep the company safe from attack.

Be Wary of Phishing Scams

Phishing attacks are one of the most common types of cyberattacks. They are attempts by attackers to trick you into giving them your personal information, such as your username and password. To protect yourself from phishing attacks, you should never click on links in emails or texts from people you don’t know. If you think an email might be a phishing attack, you can forward it to your company’s IT department or security team for analysis.

Keep Your Software Up-to-Date

One way to protect yourself from malware is to keep your software up-to-date. This includes your operating system, web browser, and any applications you have installed on your computer. Attackers often exploit vulnerabilities in outdated software to install malware on computers. By keeping your software up-to-date, you can help prevent attackers from being able to take advantage of these vulnerabilities.

Use Strong Passwords

Last but not least, use strong passwords. A strong password is one that is difficult for an attacker to guess or brute force. It should be at least 8 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. You should never use the same password at more than one site or service. When possible, you should enable two-factor authentication (2FA) for additional protection.

How to Train Your Employees to Be Human Firewalls

Educate Your Employees

Thorough education on cyber threats is crucial to keeping a company’s security level high. Figures show that 50% of cyber-attacks are due to human failure, which is why, as a business owner, you need robust education in place for your employees.
The first step in training employees to be human firewalls is to educate them on what a human firewall is and why it’s essential. Make sure they understand the three lines of defense and how they can help protect the company from cyber-attacks.

Implement Security Policies

Once the employees are educated on cyber security, it’s important to implement policies and procedures that will help protect your company. Some things you may want to consider are requiring strong passwords, implementing two-factor authentication, and restricting access to certain sensitive information.

Hold Regular Trainings

It’s not enough to just educate employees once; you need to make sure they’re up-to-date on the latest cyber threats and how to protect against them. Hold regular trainings and encourage them to ask questions if they’re ever unsure about something.


A human firewall is the first line of defense against cyber attacks. By being aware of the potential risk in every scenario, and taking steps to protect yourself, you can be a valuable asset in keeping your company safe from hackers. Educate yourself and your employees on best security practices and make sure to stay up-to-date on the latest threats. Following these simple steps can help make your company a harder target for attackers.


How to disable automatic sign-in to Windows

by Chris Taylor

About Chris Taylor:  Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.

Microsoft has, more or less, continually improved security in Windows. One important layer of security is the sign-in to the computer, which helps secure your information and identity.

We have progressed from Windows 95, where hitting the Esc key at the login prompt allowed you to access all locally stored information. But even in Windows 11, Microsoft still allows you to configure automatic sign-in and local accounts with no password. If you have taken advantage of either of these features and have become concerned about the security of your information and identity, you might want to fix them.

Disable automatic sign-in


Type in netplwiz, and press Enter. If you are not currently signed in using an account with administrative privileges, you are prompted to provide credentials for a local admin account. Control Panel’s User Accounts loads. Put a check mark in the box Users must enter a username and password to use this computer. Click the OK button and restart the computer.

Set a password on every local account

An account with no password also allows automatic sign-in, so it is best to ensure all local user accounts have a password. Load netplwiz as above and click on each account listed.

For your current account, you will see the following:

If you have no password on your account, follow the instructions to set a password.

For accounts using a Microsoft Account for authentication, you will not be able to change the password and will see the following:

That’s fine as they have a password. You can change the password for a Microsoft Account at

For other user accounts, you cannot see if a password has been set, but you can force a password by clicking the Reset Password button.

If this is an account used by someone else, you might want to try signing in under this account to see if you are prompted for a password and then speaking with the person before you force a password on the account.
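To confirm both settings from the command line, the following read-only audit is an added example, not part of the original article. It assumes Windows PowerShell 5.1 run as administrator; the Winlogon registry values (AutoAdminLogon, DefaultUserName, DefaultPassword) and the Get-LocalUser cmdlet are standard Windows features that the article itself does not mention.

```powershell
# Added example (not from the original article). Read-only: nothing is changed.
# Run from an elevated Windows PowerShell session.

# 1) Automatic sign-in: the Winlogon values that enable it.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$props = Get-ItemProperty -Path $key

[pscustomobject]@{
    AutoAdminLogon         = $props.AutoAdminLogon    # '1' means auto sign-in is on
    DefaultUserName        = $props.DefaultUserName
    # Report only whether a plaintext password value exists; never print it.
    DefaultPasswordPresent = $props.PSObject.Properties.Name -contains 'DefaultPassword'
} | Format-List

if ($props.AutoAdminLogon -eq '1') {
    Write-Warning "Automatic sign-in is enabled for '$($props.DefaultUserName)'."
}

# 2) Enabled local accounts that may have no password.
Get-LocalUser |
    Where-Object { $_.Enabled } |
    Select-Object Name, PrincipalSource, PasswordRequired, PasswordLastSet,
        @{ Name = 'Review'; Expression = {
            if ($_.PrincipalSource -eq 'MicrosoftAccount') {
                'Microsoft Account (password managed online)'
            } elseif (-not $_.PasswordRequired) {
                'Blank password is permitted'
            } elseif ($null -eq $_.PasswordLastSet) {
                'PasswordLastSet is empty (never set, or must change at next sign-in)'
            } else {
                'OK'
            }
        } } |
    Format-Table -AutoSize
```

A "Blank password is permitted" result means the account is allowed to have no password, not that it definitely has none; signing in under that account, as described above, settles it.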

For advice on choosing a good password, see my article Password strength in the December, 2021 issue of Cybersecurity News.


Speedtests & how to measure your internet speed


If you’re having trouble with your internet connection, one of the first things you’ll want to do is test your speed. Speedtest is a free online tool that lets you measure your internet connection speed. In this blog post, we’ll show you how to use Speedtest to measure your internet speed and interpret the results.

What is Speedtest

Speedtest is a tool that allows you to measure your internet speed. It is a useful tool for troubleshooting internet connection issues and for determining whether your internet service provider (ISP) is providing the speed they promised. You can also use a Speedtest to measure the performance of a home or office network.

There are several benefits to using Speedtest:

– Ensuring you are getting the speeds you are paying for from your ISP.

– Diagnosing and fixing potential issues with your internet connection.

– Seeing how your home or office network performs compared to other networks.

How to use Speedtest to measure your internet speed.

In order to use Speedtest to measure your internet speed, you will need to follow these steps:

1. Go to in your web browser

2. Click on the ‘Start Test’ button

3. Wait for the test to complete – this usually takes around 30 seconds

4. Once the test is finished, you will see your results on the screen

5. These results will show you your “ping”, “download speed”, and “upload speed”.

How to interpret your results.

After you’ve run a speed test, you’ll see a variety of metrics that show your results. Here’s a rundown of what each metric means:

Download Speed: This is the amount of data that your computer can receive from the internet in a given period of time. It’s measured in megabits per second (Mbps).

Upload Speed: This is the amount of data that your computer can send to the internet in a given period of time. It’s also measured in megabits per second (Mbps).

Ping: This is the amount of time it takes for your computer to send a request to the server and receive a response back. It’s measured in milliseconds (ms). A lower ping means a faster connection.

Jitter: This is the variation in latency (ping) over time. A low jitter means a more stable connection.

How can I get a more detailed analysis of my speed traffic?

In spite of its overall accuracy, Speedtest only does a general analysis of your internet speed capability. What the tool doesn’t tell you is how the different apps and services on your computer are draining internet resources.

Say your internet connection speed is 100 mb/s: how can you tell which app on your device is consuming the most of it?

Well, lucky for you, GlassWire is what you are looking for. Our app lets you run a speed test analysis and can tell you how much data each of your apps is using.

There’s more: GlassWire can keep track of historical data consumption so that you can spot anomalies in the volumes of data exchanged. This can be the first warning sign of, for instance, badly behaving apps and malicious services.

Start your free trial today, download GlassWire at and start monitoring your traffic now.