In the era of an economy based on information stored and processed in electronic form, the method of securing it has become one of the most critical elements of information systems. Loss of important data means bankruptcy, and the attempt to rebuild the image from scratch and catch up with competing companies may turn out to be very difficult, if it can be done at all. Entrepreneurs must be aware that a correct approach to security requires a significant increase in the technical and IT culture of their employees.

One of the basic mistakes entrepreneurs make is the conviction that only employees of the IT department should be trained in the security of information systems. In addition, there are still expectations for IT to take full responsibility for the safe use of computers by other employees. This means that employees can use all available online tools thoughtlessly, and the IT staff will always be responsible for the negative consequences.

If we tried to introduce an analogy to the automotive industry, it would be like saying that only car mechanics and police officers should be trained on the principles of road safety. Drivers should only be taught how to drive a car, no matter how they reach their destination. Unfortunately, this is not the case because there are road regulations and they are properly enforced by the police.

There are rules on the Internet, built on decades of Internet users' experience, which enforce a certain culture and IT awareness among users. Please note that I did not use the word "knowledge", only "IT awareness".

Do IT professionals have this awareness? Of course they do. Do ordinary users have it? The vast majority do not. Do you need IT knowledge to get it? Not exactly, but if anything, it does not differ much from the knowledge that users already possess in order to use basic IT tools.

A computer workstation connected to the Internet is exposed to constant threats, ranging from unwanted e-mails and various types of viruses and spyware, through more sophisticated methods of phishing for passwords and confidential information, to social engineering attacks. The larger the company's IT infrastructure, the more hardware and human resources must be devoted to it to get the most security and the least risk of compromising and losing data.

The real purpose of using IT solutions is to try to make life easier for users in their daily work. Perfect systems for securing IT systems do not exist. Even if a great solution were implemented in a perfect way, we must recognize that the most important and weakest link in the system is the human.

Consider only one element, which is the security of passwords. For a password to be sound, it must be difficult to guess. Moreover, it must be changed regularly, so that an attacker who already has the right password can use it only for a limited period of time. Such a solution seems almost perfect from the point of view of security management specialists, while for ordinary users it is one great torment. People do not want to invent long and difficult passwords, all the more so because repeated mistakes also result in the account being locked. Users want to have passwords that they can easily remember and do not want to change them often. So what do they do to deal with such a problem? They create easy-to-remember passwords (which are also easy to guess) and they also try to use the same password everywhere. After all, the most important thing for them is to do the required work, not to waste time in frustration making up difficult and complicated passwords.

Security specialists know that, so they try to come up with other ways to increase login security. So what does the user do? He or she writes down the passwords on a piece of paper (or even better, places them prominently on the desk), thus completely defeating the idea of secure information systems.

Does such a game of "cat and mouse" make sense?

Employees are trained in occupational health and safety because the law requires it. Training for their position, on personal data protection, or on the most important IT system applications is organized for them. Unfortunately, they then sit in front of a computer connected to the Internet, and the employer is forced to trust that they have sufficient knowledge to use Internet tools safely. Are you sure? Can an entrepreneur afford such a risk?

There is a wide range of courses on the market that allow you to obtain basic IT skills focused on the duties performed by employees. Unfortunately, they focus more on the skills of operating the tools than on building IT awareness of how to use these tools safely.

The idea of IT awareness is not to create complicated procedures and safety regulations. It is about teaching users a certain way of thinking, which will raise the proverbial "red flag" in the head when any threat occurs. Unfortunately, if users cannot cope with using IT systems properly, attackers will take full advantage of this fact.

What should you do? Give them a chance to learn how to think in the right way, and let the IT specialists take care of the rest.