Budapest International Research and Critics Institute-Journal (BIRCI-Journal)

As a company that is operating in the telecommunication sector, XYZ must ensure that they have adequate capabilities to protect their company’s and customers’ sensitive data. Although various information security systems and processes are already in place, human resources still are the weakest link in cyber security. The new normal of Working From Home makes the threat even larger. Basically, Information Security Awareness (ISA) denotes whether or not users are aware of information security objectives. Using a phishing scenario, this study examined the level of ISA of XYZ employees and how ISA training might improve their awareness level. The simulation outcomes were compared to the results before and after they received ISA training on a percentage scale. The results showed a positive increase between before and after being given training. Employees who clicked on phishing URLs before training reached 31% reduced to 12% after training. Meanwhile, employees affected by phishing decreased from 24% to 4%. The study also revealed discovered that based on the nature of the job, employees who work at directorates who work more on non-technical matters have lower awareness when compared to employees who work at directorates who work more on technical work.

A. S. P. P. S S Tirumala, “A survey on Internet usage and cybersecurity awareness in students,” 2016 14th Annual Conference on Privacy, Security and Trust (PST), 2016.

A. W. D. P. Adetokunbo Bashorun, “Information Security: To determine its Level of Awareness in an Organization,” 2013 7th International Conference on Application of Information and Communication Technologies, 2013.

C. Indonesia, “cnnindonesia.com,” 06 July 2020. [Online]. Available: https://www.cnnindonesia.com/teknologi/20200706072707-192-521192/data-pribadi-bocor-denny-siregar-ancam-gugat-telkomsel. [Diakses 06 March 2022].

D. E. I. I. I. Heru Sutadi, “kontan.co.id,” 26 February 2021. [Online]. Available: https://adv.kontan.co.id/news/pandemi-dan-meningkatnya-kebutuhan-akses-data-internet. [Diakses 06 March 2022].

G. M. P. S. Steven McElwee, “Influencing Outcomes and Behaviors in Simulated Phishing Exercises,” SoutheastCon 2018, 2018.

K. R. Mukhammad Gufron Ikhsan, “Measuring the Information Security Awareness Level of Government Employees Through Phishing Assessment,” 2019 34th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC), 2019.

L. R. S. d. S. Yesem Kurt Peker, “Online Cybersecurity Awareness Modules for College and High School Students,” 2018 National Cyber Summit Research Track, pp. 24-33, 2018.

Ningrum, P. A., et al. (2020). The Potential of Poverty in the City of Palangka Raya: Study SMIs Affected Pandemic Covid 19. Budapest International Research and Critics Institute-Journal (BIRCI-Journal) Volume 3, No 3, Page: 1626-1634

Saleh, A., Mujahiddin. (2020). Challenges and Opportunities for Community Empowerment Practices in Indonesia during the Covid-19 Pandemic through Strengthening the Role of Higher Education. Budapest International Research and Critics Institute-Journal (BIRCI-Journal). Volume 3, No 2, Page: 1105-1113.

Sihombing, E. H., Nasib. (2020). The Decision of Choosing Course in the Era of Covid 19 through the Telemarketing Program, Personal Selling and College Image. Budapest

M. K. T. M. T. Anthony Carella, “Impact of Security Awareness Training on Phishing Click-Through Rates,” 2017 IEEE International Conference on Big Data (BIGDATA), pp. 4458-4466, 217.

M. Kassner, “techrepublic.com,” 21 December 2020. [Online]. Available: https://www.techrepublic.com/article/cybersecurity-pros-are-humans-really-the-weakest-link/#:~:text=%E2%80%9CPeople%20often%20represent%20the%20weakest,and%20first%20published%20in%202000.. [Diakses 06 March 2022].

M. M. K. S. R. Yaman Salem, “Evaluation of Information Security Awareness among Palestinian Learners,” 2021 International Conference on Information Technology (ICIT), pp. 21-26, 2021.

M. N. K. F. E. W. J. Mohd Sarifuddin bin Othman@Mustafa, “An Enhanced Model for Increasing Awareness of Vocational Students Against Phishing Attacks,” 2019 IEEE International Conference on Automatic Control and Intelligent Systems (I2CACIS 2019), 29 June 2019, Selangor, Malaysia, pp. 10-14, 2019.

Office365Reports, “Train Your Office 365 Users Against Phishing Attacks using Attack Simulation Training,” Microsoft, 12 March 2022. [Online]. Available: https://o365reports.com/2022/02/16/train-your-office-365-users-against-phishing-attacks-using-attack-simulation-training/. [Diakses 19 March 2022].

S. F. N. C. Emad Sherif, “Awareness, Behaviour and Culture: The ABC in Cultivating Security Compliance,” The 10th International Conference for Internet Technology and Secured Transactions (ICITST-2015), pp. 90-94, 2015.

S. G. S. M. I. A. S. Khando Khando, “Enhancing Employees Information Security Awareness in public and private organisations: A systemic literature review,” computers & security 106 (2021) 102267, vol. 106, pp. 1-22, 2021.

S. M. Hong Chan, “Significance of Information Security Awareness in the Higher Education Sector,” International Journal of Computer Applications (0975 – 8887), Vol. %1 dari %260– No.10, pp. 23-31, 2012.

T. B. Phil Legg, “Tools and Techniques for Improving Cyber Situational Awareness of Targeted Phishing Attacks,” 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), 2019.

T. D. S. I. Iffah Budiningsih, “Awareness, Dominant Factor For Improving Information Security,” Cakrawala Pendidikan, Vol. 38, No. 3, pp. 490-498, 2019.

Y. S. G. a. A. G. D. D. Hantyoko, “Information Security Awareness Level Measurement for Employee: Case Study at Ministry of Research, Technology, and Higher Education,” 2017 3rd International Conference on Science in Information Technology (ICSITech), pp. 654-658, 2017.