Awareness Training
Besides the many technical options for improving IT security in your company, training your employees plays an important role too.
In the trades, for example, it is normal for employees to be informed about the hazards of operating huge machines. In other sectors, especially where most of the work is done on computers, there is an acute lack of information and training.
In the first instance, awareness training is supposed to sensitize the employee. He has to understand why he should not do something and how to behave in certain situations. For example: in a social engineering attack, the attacker will try to get the user's password by telephone; the average success rate is 80%! Once the user becomes aware that his password is as important as the PIN code of his credit card and that NOBODY should ever get to know it, the rule makes more sense to him.
Awareness training is often accompanied by other measures:
- A short message on an advertising medium (e.g. ballpoint pen, post-it note, mouse pad, frisbee, watch)
- Posters and checklists
- Screensavers and banners
- Newsletters
- E-mail messages
- Video clips
- Web-based training and tests
- Classroom training
- Internal IT security presentations
- Mascots