Security awareness is crucial for good implementation of ICT security

When organisations invest in purchasing, configuring and installing security, it is stupid not to train the users in security awareness. I have unfortunately seen this many times.

In Sweden we were informed a couple of weeks ago of a security breach at the Swedish Transport Authority. When they outsourced their IT, many decisions were taken out of ignorance and a lack of security awareness: not by the security professionals, but by the management and, to an even greater extent, by the government, which failed to inform about the illegal decisions taken by the management.

Security awareness training is needed especially for the management team, so that they make the right decisions and act as role models for the staff. I have seen many times that managers feel it is OK to break the security decisions they themselves have taken; they are the managers, so they can take the risk. Nothing can be more wrong than this behaviour.

In order to be compliant with GDPR in May of next year, all organisations will need to raise the competence level of all their users so that they are security aware. The best way to do this is, in my opinion, a three-level set of training sessions:

  1. For the management team: what responsibilities they have for the decisions they take, and how best to staff projects to minimise security risks.
  2. For ICT and security staff: what their responsibilities are. In this group you can also include "super users"/digital ambassadors.
  3. For the regular user: how to identify and report irregularities and security breaches.

In order for this chain to work, the management team needs to decide on an open and positive attitude that allows staff to report security issues, even if the incident happened because the user did not follow procedures. I have seen organisations where the users did not report incidents because they were afraid of being fired. Having this attitude in a company is like asking for trouble; "management by fear" is old school.