Home Page Navigation Contents Contact Sitemap Search

Raising employee awareness in SMEs

Although technical and organisational protection measures are important, they won’t be sufficient to provide a holistic approach to information security. Employees should handle all technological facilities properly and behave securely in day-to-day-business. This is why training and awareness-raising measures (collectively termed “awareness”) for employees play such an important role, too, and should not be neglected.

Some important points to remember:

  • Draw up some easy-to-implement user guidelines.
  • Sensitise your employees and train them regularly and on a recurring basis.
  • Use a variety of communication channels and tools to reach all your employees.
  • Encourage your employees to report any irregularities, violations etc.

Why is raising awareness in SMEs so important?

A look at the statistics of successful cyber-attacks shows that the human factor is one of the most frequently used points of entry. In the process, for instance social engineering or phishing are used to trick people into disclosing sensitive data or perform an unwanted action. Experience reports from various companies demonstrate it is not enough to simply impose security measures. If employees don’t understand importance and purpose of such measures, they are not likely to be sufficiently implemented or to be taken at all.

To raise security awareness amongst your employees and to underline the priority information security takes in a company, holistic, company-wide awareness activities should be undertaken. There are various strategies for establishing and shaping a security culture. For long-term success, continuous recurring communication adapted to your target group is essential.

How can you ensure you successfully raise employee awareness in SMEs?

For the sake of clarity, it is recommended to establish an awareness concept so to minimise costs and ensure maximum success. This doesn’t have to be a large and extensive concept, but it is meant to align and efficiently design all awareness activities. In this context, it is very important for management to support all awareness activities and lead by example.

Some ways of ensuring more awareness in a business are as follows:

  • Training and workshops: Regular training on relevant topics will help employees to keep up-to-date with the latest developments.
  • Internal communication: A regular exchange of news, changes or important information promotes employee awareness and appreciation.
  • A point of contact and a culture of feedback: It is important to offer employees a point of contact/platform where they can report irregularities and violations, but also raise concerns, ask questions or submit proposals.
  • External expert knowledge: Sometimes it can be helpful to invite external experts to impart deeper knowledge on specific subjects.
  • Awareness platform: As a business, you can also establish an awareness platform to support raising awareness in your company.
  • Integration into the company culture: Raising awareness mustn’t consist of just one single campaign but has to be integrated into everyday workflows and the company culture itself.

In conclusion, raising employee awareness can be said to constitute an investment into your company’s future. Not only does it protect against legal risks and loss of your reputation in case of a potential cyber incident, but it also supports a positive working atmosphere and increases productivity. In an increasingly digitized environment, a good security culture in your business constitutes a decisive competitive advantage.

Further information

The information security manual for practical use offers some good instructions and templates, amongst others all around the subject of raising employee awareness (If you take our courses for SMEs, you will be able to order this book at a 30% rebate, for just CHF 68.00 (plus shipping).)

“eBanking – but secure!” also offers an online course for SMEs to highlight important technical and organisational measures for SMEs.

“Awareness” in the context of information security denotes employees being aware of cyber threats and able to behave securely in such a situation.

Since both the external environment (for instance new types of attack) and the internal one (for instance new processes or tools) are subject to constant change, it is mandatory for awareness to be understood as a recurring task and to be implemented as such.


What else would you like to learn about security when e-banking?

Register for a course now
and learn more:

Online basic course

Find out about current Internet threats and some easy protective measures, and how to securely use e-banking.

further information

Online course mobile banking/payments

Find out about mobile banking, mobile payments and how to securely use these apps.

further information

Online course on cryptocurrencies

Cryptocurrency beginner? Find out about the most popular cryptocurrencies and the Blockchain technology behind them.

further information

Online course for SMEs

Is your organisation sufficiently secure? Learn which measures you can take to significantly strengthen your organisation’s IT security.

further information