This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Infosec 2013 : Squeezed budgets mean security education Is vital

Share this article:
As security budgets get squeezed in a time of austerity, companies need to seriously focus on education, training and awareness.

This was a key message from Infosecurity 2013, with IT bosses agreeing this was the best way to create good security without having to break the bank.

Graham McKay, CISO at Scottish publisher DC Thompson, said: "We are all facing considerable budget pressures, with an increasing threat landscape. It's a challenge.

"But we've adopted the approach of education, training and awareness.Educating our staff, getting the best value for money. Identifying what our information assets are, and taking the best approach to protect those."

Cal Judge, Head of Information Security at Oxfam UK, agreed that education was vital. He said that it was key to get staff interested in information security, and buy into it.

"You can do this through various methods," he said. "For us it is about for example, creating an online course that is entertaining and interactive.

"You can take a story about a celebrity getting their Twitter account hacked, use that scenario, and get staff buying into the idea that password security is essential to securing their account.

"People don't remember doing boring courses, and if they are having fun during the process, they are more likely to remember."

Michelle Tolmay, security officer at online retailer ASOS.com, said all new starters in her business needed to undergo security awareness training. 

She said that she checks their Facebook and Twitter accounts before they start, and reveals personal facts about them she discovers at the beginning of the session.

Tolmay said, "People start thinking, hang on, what have I actually put out there to find that information? We're quite lucky as most ASOS staff are customers.

"Not only do we make it personal because of how they need to protect themselves in their day-to-day lives, we can take that one step forward and show how customers of ASOS need to protect themselves.

"Staff will take more interest because they know that if there is a data breach, it's not the information of random people around the world - it's theirs."
Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...