Human security factor

IT security is only as good as the person using the systems. This is why we do not see people as vulnerabilities, but as a defensive shield against cyber attacks. Many companies have already realised that IT security cannot be achieved by technical measures alone -- trained personnel also have a significant role in protecting against cyber attacks. If we see people as the "human security factor", they become part of the solution, not the problem. As such, IT security concerns every employee and every department within a company -- from working students in Accounting to warehouse clerks and beyond to top management.

Awareness and training

If a cyber attack or an attempt at social engineering is identified quickly, this can prevent considerable financial and immaterial losses. Therefore, raising awareness of these problems and of the relevant security issues is an important preventive measure, alongside regular training sessions, when it comes to strengthening the "human security factor". The relevant threats must be known and expectations regarding information security within the company or organisation should be communicated clearly. The foundation is therefore laid for handling data and IT/information security sensitively. The relevant threats must be known and expectations regarding information security within the organisation should be communicated clearly.

Documents and information

The following section provides a range of information and guidance from the Federal Office for Information Security (BSI) on how to increase awareness of cyber security amongst your employees.
Please note that some of these documents are not accessible to the public and instead require you to log in to the Alliance for Cyber Security website.