13 Efficient Ways to Boost the IT Security Understanding of Your Colleagues and Employees
IT SECURITY
In many cases, policies are written in such a difficult way that they simply cannot be
effectively absorbed by employees. Instead of communicating risks, dangers and good
practices in clear and comprehensive instructions, businesses often give employees
multi-page documents that everyone signs but very few read – and even fewer understand.
The transparent display of the functions of the security software used can also act as a
deterrent: If an employee knows that shadow copies of all outgoing data are stored, a
conscious misuse of data is unlikely.
Regular Training
Without thoughtful and vigilant employees, companies cannot achieve information
security. Even a careless click on a mail attachment from an unknown person or a note with
passwords or access data on the desk are still common gateways. An unknown person
in a building can also be a danger if he or she can enter sensitive areas of the company
without being stopped by security checks. Therefore, obligatory and regular awareness
training courses are important for all employees. Assess the individual level of
knowledge of the employees before the training. If necessary, use external consultants. This
way you can close the knowledge gaps of your employees individually.
IT security awareness can only be permanently raised through regular training and
education measures. A one-off IT security briefing only creates short-term awareness.
Employee training with understandable practical relevance and examples from everyday
life is always preferable to theoretical training.
Social Engineering
To provide technical measures against social engineering in addition to user awareness,
more complex methods are necessary. One possibility is the digital signature of e-mails.
The sender's validity is cryptographically verified. This validation is performed, for
example, by a special secure mail solution.
Universal Monitoring
Integrated IT protection is rounded off by innovative monitoring and intrusion detection
solutions. In times of authorization-controlled access to IT, the amount of login data is
growing rapidly. On a technical level, Identity and Access Management (IAM) and
Security Information and Event Management (SIEM) systems support monitoring. They can
be used to control the authorizations of employees and permanently monitor systems.
In addition, irregularities can be identified much faster and alerts automatically raised.
Organizational Methods
This method of gaining knowledge unfairly and compromising companies from within is
still used in practice. However, it does not always have to be an employee who has been
infiltrated into a company. It is also easy to convince former employees to disclose trade
secrets to a successor company. The higher the position in the previous company, the
greater the chance that the employee holds sensitive information.
As a company, you can certainly protect yourself against this unwanted flow of
information. In practice, this is done by longer notice periods in the employment contract
or by agreeing on a post-contractual non-compete clause for a period after leaving the
company.
This shows more clearly how important the integrity of employees is for a company.
Hire a CISO
In addition to the Chief Information Officer (CIO), a separate position for a Chief
Information Security Officer (CISO) also needs to be created. Due to the complexity of the area
of responsibility, the CIO is usually unable to meet all requirements
with the appropriate intensity. IT operations are usually given the highest priority, which
is why security issues are often left behind or only advanced very slowly. The CISO is
responsible for the development and definition of security-relevant objects, threats and
risks and the security objectives derived from them. The CISO usually reports
directly to the Executive Board (CEO), because the CISO is responsible for
the risk management of all information assets of a company.
Conclusion
As an IT administrator or IT security manager, you are constantly walking a tightrope. On
the one hand, users are to be given the greatest possible flexibility in their daily business,
but on the other hand, focus must be placed on ideal and comprehensive IT security.
Finding a suitable balance between both factors is and remains the exciting challenge
administrators must face every day.
ABOUT PAESSLER AG
Paessler AG’s award-winning PRTG Network Monitor is a powerful, affordable and
easy-to-use Unified Monitoring solution. It is a highly flexible and generic software for
monitoring IT infrastructure, already in use at enterprises and organizations of all sizes and
industries. Over 200,000 IT administrators in more than 170 countries rely on PRTG
and gain peace of mind, confidence and convenience. Founded in 1997 and based in
Nuremberg, Germany, Paessler AG remains a privately held company that is recognized
as both a member of the Cisco Solution Partner Program and a VMware Technology
Alliance Partner.
000335/EN/20180529
Have a Constant Eye on Your Network Security
www.paessler.com/network-security-monitoring