Employees are the most important link in the security chain in the fight against cybercrime, says Marcus Beyer from Swisscom. He presents the contents of his talk at the Internet Security Days (ISD) presentation in a short interview. The eco Association invites you to attend this IT security conference on 29-30 September 2022 at Phantasialand Brühl, Germany.
Mr Beyer, why is employee awareness-raising not running optimally in many companies?
On the one hand, in many cases, many employers are not really in touch with the issues that affect their employees. What keeps them motivated? What are the needs of the workforce? What are the risks that affect them? The focus on the human factor is often limited to the implementation of regulatory requirements or compliance with standards without knowing whether the staff is ready to implement them. Secondly, staff awareness-raising often lacks priority and resources. As a result, many staff awareness-raising measures are bland, boring and uninteresting. You won’t attract anyone to the screen for that.
What special requirements apply to critical infrastructure companies?
There is no doubt that a thorough understanding of the human factor is necessary here. The human beings are and remain the number one target of attack. In order to be able to react and act safely, however, you also need educated and trained employees at all levels, the right attitude and a healthy error culture. If something happens, you have to be able to react quickly and promptly.
What advice do you have for communication and training measures?
Communication needs a story. Storytelling is also important for security issues. Employees only feel addressed and involved if the communication is geared towards them, involves them emotionally and is designed in an exciting way. Nothing is more boring than yesterday’s clickable eLearning module. In addition, you have to see yourself as a system designer. It is about a healthy interplay between applicable rules, usable technology and the involvement of employees.
Mr Weiss, thank you very much for the interview.
As part of the Internet Security Days (ISD) 2022, Marcus Beyer will present new ways of raising employee awareness and insights at Swisscom (Switzerland) Ltd on 30 September under the motto “Security Awareness Must Rock”.