A study on the internal security of companies : Internal practices regarding risks in digitised working environments and employees relation to information security

Abstract: Internal practices are fundamental to companies information security, as organisations become digitised. This study investigates how four companies work with internal security, as well as the external impact factors that can affect the security. For example, the general information security awareness among employees is studied, as is the impact of the COVID-19 pandemic. By conducting interviews with one representative at each company, and by studying literature, the study aims to enlighten differences and similarities as well as strengths and weaknesses in the companies security work. In conclusion, the study showed that the four companies had a similar view on the prioritisation of security and the importance of it, although they differed a lot in the applied practices and use of policies. The two larger companies had a more profound security work, regulated by documents and policies. In contrary, the two smaller companies for the most part used common sense as their approach to employees security mindset. The COVID-19 pandemic did not seem to affect the companies security work to a large extent. Although, they did see an increase in the amount of IT attacks and therefore the security could be argued to be in need of further assessment.