Strategy to Improve Employee Security Awareness at Information Technology Directorate Bank XYZ

Abstract

Bank handles private information like customer financial transactions and personal data. There was a 63% increase in cyberattacks attempted against Bank XYZ in 2021, and 1,323 attempted attacks on corporate email Bank XYZ. Therefore, implementing security awareness training for all employees is crucial for Bank XYZ. The information security awareness program must be assessed to determine the program's efficiency and the level of information security awareness among employees. Therefore, this study assesses the information security awareness at Bank XYZ, especially the Information Technology (IT) Directorate using the Human Aspect of Information Security Questionnaire (HAIS-Q) method. The findings of this study revealed that employees at Bank XYZ in the information security work unit had a "Good" level of awareness. In contrast, the results from other IT work units were “Medium”. Based on the assessment results, Bank XYZ's security awareness strategy recommendation is to align awareness content with information security policies and procedures, use a variety of media awareness, and focus on the "Internet Use" and "Information Handling" awareness areas. As a way of determining the achievement of information security Key Performance Indicators (KPI), security awareness measurement must be done regularly, for example, once a year.