Train employees — more knowledge, fewer mistakes
The human factor is responsible for most IT-related incidents. In order to achieve basic security, it is crucial that all employees and suppliers have the knowledge, attitude and understanding required to reduce the risk of mistakes being made.
A lack of information on how employees are to behave in relation to IT systems is one of the greatest factors enabling intrusion or improper use of the company’s systems.
The purpose of training employees in IT and information security is to help the organization, easily and cost-efficiently, raise employee awareness of the basic aspects of information security management and enable the desired levels of confidentiality, accuracy and accessibility in relation to the organization’s information assets.
At a minimum, training should include passwords, mobile devices, malicious code, social media, email, creating backups, traceability and logging, smartphones, tablets and secure behavior.
One such information security course is DISA – Datorstödd informationssäkerhetsutbildning för användare (in Swedish), which was produced by the Swedish Civil Contingencies Agency (MSB).
If you would like to improve your knowledge of what is required to maintain basic IT security according to the standard SSF 1101 Edition 1, SSF Cybersecurity Basic Level – Basic IT Security, the SSF Swedish Theft Prevention Association offers a course that you can read about here (link).