IT security is not only gained by implementing suitable software, but also by raising awareness of it. Therefore, the different departments of a company must also be trained individually:
- Management: The topics compliance and Information Security Management System (ISMS) are often paramount.
- Administrators: For administrators, the update process, i.e. how updates are imported, as well as appropriate rights management are particularly important.
- Software developer: A developer should avoid typical mistakes in the design process and, if possible, provide security guarantees (security by design).
- Employees: One of the top attacks on companies is the so-called social engineering. In other words, in the worst case scenario, the employee won’t even notice that he has released critical information. Here it is important to make employees aware of the risks on a regular basis.