S 3.75 User training on groupware client security mechanisms

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Head of IT, IT Security Officer

In general, groupware systems are so complex that security gaps may be opened accidentally in the event of improper use or misconfiguration. This is particularly applicable if the users have not received sufficient training regarding the way the groupware system used is to be handled. The system configuration is normally performed in such a way that the users may only change it to a limited extent. However, being unfamiliar with the security mechanisms and settings available to a user may result in the system being used insecurely.

Therefore, all users must receive training as to how to handle the groupware client. However, along with information on the use of the client software, it is also necessary to provide the users with information on the basic mode of operation of the groupware system. The users must first and foremost be made aware of the available security mechanisms so that they are capable of using these properly and appropriately.

The employees must be informed about the threats associated with the use of groupware and email clients. This may be performed with the help of a short instruction or leaflets, for example. It must be pointed out that any abnormal behaviour of the communication software must be reported.

Review questions:

• Did all users receive training regarding their work with the groupware client?
• Have the users been shown how to handle all relevant security mechanisms of the groupware used?