Survey of companies internal security

Abstract: This survey aimed to examine and analyze six companies' internal security. Six interviews were held with different sized companies, where the size of the office ranged from under ten to around 800 employees. The interviews contained questions regarding their information security, their perimeter security as well as the employees' personal security. The larger companies had more policies and security procedures than the smaller companies. Virus protection, banning USB flash drives from outside the company, security education and a well functioning report system are vital for a satisfying internal security. Interviewees from the smaller companies saw internal security principles as a necessity but also as an obstacle. The larger companies saw the same principles as something that would improve their security. These companies also had implemented more safety measures both in software, such as remote controls and guidelines for employees. Targeting problem areas with special educational campaigns helps employees defend themselves against social engineering. All companies that participated either develops software or are consultant companies in IT. They deliver IT solutions in one way or another and their internal security should reflect the same high standard and IT maturity. The smaller companies did not perform any risk analyses on which threats their company faces and did not have any safeguards in place if their employees do not conduct themselves correctly on their networks. Our opinion is that this should not be limited by the size of a company and all companies should perform risk analyses to be able to improve their internal security in the future.