Security chiefs at Infosecurity Europe 2014 urged companies to raise awareness of cyber security by simply talking to employees about how to protect their own home PCs and laptops.
Channel 4 CISO Brian Brackenborough explained that the security team at the broadcaster try to speak to employees about consumer security protection in the expectation that this will make them think about the same issues at work.
“We try speaking to them about antivirus and how they use it at home, and once they associate themselves with it, they start thinking about it at work,” he said.
Meanwhile, insurance firm AXA UK has lunchtime drop-in sessions for employees who want to learn more about protecting their own devices.
“We’ve had lunchtime drop-in sessions where we’re not talking about corporate security but consumer protection, and people want to hear about this. If you’re talking about taking steps to protect the consumer, it is very similar to some of the steps in protecting corporate PCs,” said the firm’s head of security, Michael Colao.
But David Cass, CISO of information solutions provider Elsevier, believes that it is hard to get employees to want to invest time in security.
“Companies have to do awareness in a short and easily digested way – no one wants to sit through 45 minutes of security awareness training. However, I think we are making progress [as an industry],” he said.
The Home Retail Group, owner of retailers Homebase and Argos, used a different technique to raise awareness of phishing emails, and how to avoid them.
“We got a guy dressed up as a gnome and went out across the office and handed out pamphlets and asked the employees to come to us if they had any questions. After a couple of weeks we had been very successful in ensuring that phishing emails were no longer an issue,” Home Retail Group’s head of information security, Lee Barney, explained.