Employees’ Awareness of Information Security Risks in An Enterprise: A Case Study of Telecommunications Company in Poland

Information security is a very important aspect of the functioning of every company, especially in the era of unstable political and economic situation in Europe and in the world. Increasingly frequent cyberattacks and theft of information from the company raises the need for research in this area. The literature on the subject and the available norms and standards in the field of information security organize the knowledge on this subject, but they do not show good practices and practical solutions for companies from various economic sectors. Therefore, the deficiencies in this area became the motive of this research. First of all, the human factor in the company and its approach to information security were taken into account. Undoubtedly, this has an impact on the entire ICT security system. In this regard, the results of surveys concerning the assessment of employee awareness in the context of the role and significance of information security in an organization are presented. Moreover, an analysis and risk assessment of existing ICT threats was carried out using recommended computer software. Then, conclusions were presented concerning the current level of information security and ICT security systems in the surveyed company in relation to the current knowledge and approach of employees to these issues. This article does not exhaust the studied issues, and therefore the research concerning assessing the level of information security should be re-examined after introducing improvement measures and corrective mechanisms in the company. Control results would allow to better identify the source of threats to information security, including ICT security, and then streamline processes in the company, also for  other companies in the sector.