This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Infosec 2013 : Squeezed budgets mean security education Is vital

Share this article:
As security budgets get squeezed in a time of austerity, companies need to seriously focus on education, training and awareness.

This was a key message from Infosecurity 2013, with IT bosses agreeing this was the best way to create good security without having to break the bank.

Graham McKay, CISO at Scottish publisher DC Thompson, said: "We are all facing considerable budget pressures, with an increasing threat landscape. It's a challenge.

"But we've adopted the approach of education, training and awareness.Educating our staff, getting the best value for money. Identifying what our information assets are, and taking the best approach to protect those."

Cal Judge, Head of Information Security at Oxfam UK, agreed that education was vital. He said that it was key to get staff interested in information security, and buy into it.

"You can do this through various methods," he said. "For us it is about for example, creating an online course that is entertaining and interactive.

"You can take a story about a celebrity getting their Twitter account hacked, use that scenario, and get staff buying into the idea that password security is essential to securing their account.

"People don't remember doing boring courses, and if they are having fun during the process, they are more likely to remember."

Michelle Tolmay, security officer at online retailer ASOS.com, said all new starters in her business needed to undergo security awareness training. 

She said that she checks their Facebook and Twitter accounts before they start, and reveals personal facts about them she discovers at the beginning of the session.

Tolmay said, "People start thinking, hang on, what have I actually put out there to find that information? We're quite lucky as most ASOS staff are customers.

"Not only do we make it personal because of how they need to protect themselves in their day-to-day lives, we can take that one step forward and show how customers of ASOS need to protect themselves.

"Staff will take more interest because they know that if there is a data breach, it's not the information of random people around the world - it's theirs."
Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

China refutes new FBI hacking claims

China refutes new FBI hacking claims

It's been another week of claims and counterclaims as the US and Chinese governments accuse each other of deviant cyber security practices.

SC Exclusive: Bank of England to appoint new CISO in January

SC Exclusive: Bank of England to appoint new ...

Bank of England Chief Information Security Officer (CISO) Don Randall is to leave his post in the New Year to take up an unspecified supervisory role, with William Brandon set ...

Sandworm vulnerability seen targeting SCADA-based systems

Sandworm vulnerability seen targeting SCADA-based systems

Hard on the heels of the `Sandworm' spy group revealed by iSIGHT Partners earlier in the week, Trend Micro says its has spotted the zero-day vulnerability of the same name ...