This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Infosec 2013 : Squeezed budgets mean security education Is vital

Share this article:
As security budgets get squeezed in a time of austerity, companies need to seriously focus on education, training and awareness.

This was a key message from Infosecurity 2013, with IT bosses agreeing this was the best way to create good security without having to break the bank.

Graham McKay, CISO at Scottish publisher DC Thompson, said: "We are all facing considerable budget pressures, with an increasing threat landscape. It's a challenge.

"But we've adopted the approach of education, training and awareness.Educating our staff, getting the best value for money. Identifying what our information assets are, and taking the best approach to protect those."

Cal Judge, Head of Information Security at Oxfam UK, agreed that education was vital. He said that it was key to get staff interested in information security, and buy into it.

"You can do this through various methods," he said. "For us it is about for example, creating an online course that is entertaining and interactive.

"You can take a story about a celebrity getting their Twitter account hacked, use that scenario, and get staff buying into the idea that password security is essential to securing their account.

"People don't remember doing boring courses, and if they are having fun during the process, they are more likely to remember."

Michelle Tolmay, security officer at online retailer, said all new starters in her business needed to undergo security awareness training. 

She said that she checks their Facebook and Twitter accounts before they start, and reveals personal facts about them she discovers at the beginning of the session.

Tolmay said, "People start thinking, hang on, what have I actually put out there to find that information? We're quite lucky as most ASOS staff are customers.

"Not only do we make it personal because of how they need to protect themselves in their day-to-day lives, we can take that one step forward and show how customers of ASOS need to protect themselves.

"Staff will take more interest because they know that if there is a data breach, it's not the information of random people around the world - it's theirs."
Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Turn off WPS on routers for WiFi security

Turn off WPS on routers for WiFi security ...

A Swiss researcher is advocating turning off WPS to secure routers after finding a flaw that eliminates the randomness of codes generated by some routers when WPS is switched on...

Apple's iCloud hacked, nude celeb photos posted

Apple's iCloud hacked, nude celeb photos posted

Questions have been raised about the security of Apple's iCloud service, after a hacker posted nude pictures of celebrities to the 4Chan forum, claiming they were obtained after a hack ...