3 tips for better awareness of IT security

Follow these three tips to provide your employees with effective and enduring training on how to use IT safely:

  1. Speak your employees' language when you talk about IT awareness -- not everyone will have the same basic understanding of the technology involved. Internal training and awareness measures should always be pitched at the right level. Gather together all the employees involved in a problem, then use straightforward language and practical examples to explain to them which specific threats, such as CEO fraud or ransomware, your company faces and what the potential consequences might be.
  2. Make sure your employees feel that making enquiries with the IT department about a suspicious e-mail will not create extra work for anyone and that it is, on the contrary, exactly the right thing to do. Let staff in the Accounting department, for example, know that, if they receive a dubious payment request, they can query it with Top Management at any time. Customise your in-company processes so everyone always knows who they can contact via e-mail, messaging service or phone without any hesitation.
  3. Awareness measures are especially successful when they are rooted in actual practice and therefore tangible for employees. Show your employees real e-mails that have been used to attack your company. A gamified approach, e.g. in the form of an escape room or a quiz, will help your employees to understand the issues of IT security and awareness through play, whereas a phishing simulation will train your employees to recognise suspicious e-mails for themselves.

Drawn up with the help of:
Botfrei.de -- the security portal