With an effective security strategy in place that covers risk analysis of the company’s business processes and defines adequate measures, the company can protect itself against losses. Protecting data and information systems is an ongoing process that keeps up with the latest developments and sets up effective measures to protect data and information from disclosure, destruction, or unauthorized access.

MINIMIZING INFORMATION SECURITY RISKS THROUGH EMPLOYEE TRAINING

Developing digital security literacy, awareness and competencies is one of the key measures to reduce information security risks in Iskraemeco. By implementing the process based on the tested methodology of ISO 27001 and other good practices, we can present to the employees the theoretical and practical examples of threats to which we are exposed as employees or as an international company in a straightforward and efficient manner. People are one of Iskraemeco’s core values, and by implementing training processes, we can help protect our business and support the personal security awareness of our employees. Since information security is based on three pillars, namely people, processes, and technology, we will focus in more detail on the pillar that experts have long described as the weakest one – people. As a curiosity, in 2020 and during the COVID-19 pandemic, we have recorded a considerable increase in the social engineering attacks (e.g. phishing) on end-users, further reinforcing the need to provide a robust process for developing information security literacy in a professional environment. Cybersecurity literacy of employees is a process that was enhanced last year with several relevant new elements that will strengthen the overall awareness of employees with regards to these issues.

Continue reading blog in the new Engage edition, page 17.