The last year has reminded us cyber threats continue to evolve, artificial intelligence (AI) is being used to enhance attacks, business email compromise (BEC) scams are increasing, and ransomware campaigns are still disrupting operations. In this landscape, one truth remains clear – technology alone cannot protect us. We need to build a culture of cybersecurity awareness including every employee, partner, vendor, and stakeholder – engaging our human firewalls in the protection against these threats.
RubinBrown’s Cyber Security Services team is dedicated to helping our clients make sure every person on the team is informed and empowered. We encourage every organization to take proactive steps to strengthen their human firewalls. The following are our recommendations to help enhance your security awareness and encourage your team members.
Security is not just an IT issue – it needs to be near top-of-mind with everyone. Every employee from the front desk to the boardroom can have a significant impact on cybersecurity. Encourage employees to report suspicious activity like unexpected requests, odd emails, or unusual behaviors.
Phishing attacks and social engineering continue to be the top causes of security issues. The advances in AI and deepfake technologies make fraudulent messages, calls, and even video calls more convincing.
A steady cadence of awareness training is key to remind employees:
Encourage reporting of suspicious email or messages to the IT team – prompt reporting can help the IT team identify trends or cyber attacks – so encourage your human firewalls to stay engaged.
Weak and reused passwords (or even similar passwords with minor changes) are one of the easiest ways attackers compromise accounts. One site gets compromised and the attackers use credential stuffing attacks to go after financial, healthcare, and other sites. Encourage the use of passphrases, long strings of random words that are both strong and memorable (for example: BlueRiver!HarvestMoonDance). It doesn’t have to be over-complicated, just nothing that can be guessed off of social media or personal information.
Try a password manager – there are many to choose from – they securely store, generate, and autofill strong passwords, reducing the temptation to reuse credentials across accounts. They make it easier to maintain unique credentials across different websites with 16-digit random passwords – significantly reducing risk of credential compromise.
Activate MFA everywhere and anywhere! Personally, professionally, and for organizations – MFA is available, relatively easy to activate, and it stops most attacks before they can cause harm. Use your favorite available MFA including the mobile apps, biometrics, or even (though less secure) SMS – cyber criminals are lazy, use MFA and they will generally “bounce off” and go to the next easy client. Don’t be low hanging fruit for criminals.
Make reporting a good thing – let everyone know you want them to report any unusual activity. Even if someone suspects they may have “clicked on something” – encourage them to report it. The IT team, and especially the security team, much prefers over-reporting to under-reporting – we can always help tune the human firewall.
Reflecting on the past 12 months and thinking of the next 12 – one theme stands out: the human element is both our greatest strength and our greatest vulnerability. When employees are informed, supported, and encouraged to take security seriously, they become an active part of the defense strategy.
RubinBrown encourages every organization to reinforce your commitment to security awareness. Foster a culture of caution, education, and accountability to better protect our systems, people, organization, and community.
Cybersecurity is a year-round commitment. Look for our monthly cybersecurity reminders throughout the next 12 months!
RubinBrown Cyber Security Services is dedicated to helping organizations identify risks, strengthen defenses, and build lasting cybersecurity resilience through proactive strategy, education, and technical expertise.
Published: 11/04/2025
Readers should not act upon information presented without individual professional consultation.
Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.