back to article UK.gov wasted £20m telling you to 'be safe online, mmkay'

The UK wasted £20m on raising awareness about cybercrime, a study has shown, as the public still knows almost nothing about protecting itself online. Research published by YouGov and CSID has shown that in spite of the National Audit Office reporting that £20m had been allocated by government in financial year 2014/15 "to …

  1. Anonymous Coward
    Anonymous Coward

    Well it's the first I've heard of it

    If the Government is so damned determined to waste money, they could do worse than just give it to me. I would at least boost the local economy by blowing most of it in tea shops, clothing and skating emporiums, then buy a nice wee house to retire to with the rest.

    1. dotdavid

      Re: Well it's the first I've heard of it

      Well okay, but only if you promise to read up on cybersecurity a bit.

    2. Anonymous Coward
      Anonymous Coward

      Re: Well it's the first I've heard of it

      > the Government is so damned determined to waste money

      Indeed. For £20m they could have posted a leaflet to every house in the country - at least more people would have heard about the campaign if they'd done so.

      1. PickledAardvark

        Re: Well it's the first I've heard of it

        Nick Tyrone who organised the Yes to AV referendum campaign has argued that a leaflet can be delivered to every UK home for £1 million.

        1. Artaxerxes

          Re: Well it's the first I've heard of it

          So thats who to blame for the dullness of that campaign.

    3. Rich 11

      Re: Well it's the first I've heard of it

      I would at least boost the local economy by blowing most of it in tea shops, clothing and skating emporiums

      You're a damn sight more restrained than I would be...

      1. mitch 2

        Re: Well it's the first I've heard of it

        I would spend half of it on fast cars, drugs and loose women. The rest I would squander.

        1. The First Dave

          Re: Well it's the first I've heard of it

          If you're going to paraphrase George Best (and many others) then at least get the (over-used) quote right, and give proper attribution.

      2. Anonymous Coward
        Anonymous Coward

        Re: Well it's the first I've heard of it

        @Rich 11 - I'm a Steampunk that's recently gotten into roller derby. And I positively NEED a new wardrobe of clothes ('cause I've been losing weight). Simple pleasures...

  2. Ru'

    Next level "marketing"; the aim is not to raise awareness in the original 20M campaign, but to leak the waste of money as a news item and get exposure that way ;)

  3. PickledAardvark

    On top of government money, companies spend their own on user education. Don't follow links on unsolicited emails. Only open attachments from "known" senders. Ignore email and attachments that are unexpected. Blah, blah.

    Unfortunately, user education doesn't really work. I know IT literate people who don't understand risk and security, and I know IT numpties who are pretty good at spotting scams. User education is really hard (I'm not sure about those Barclays Bank UK TV adverts) and phishers have become more convincing.

    1. Lee D Silver badge

      WHY DOES COMPUTER SECURITY RELY ON THE USER TO DECIDE?!

      It drives me mad.

      Just turn off anything executing from an email. Done.

      I know, as an IT Manager, the users would be in uproar for a few months but they'd soon get used to it. And then they'd be "more secure" (no such thing as "secure") for ever more.

      If the user has to decide "is this safe to do?" we're doing something incredibly, dangerously wrong.

      1. Alister

        I know, as an IT Manager, the users would be in uproar for a few months but they'd soon get used to it.

        Unfortunately, when your users include the directors and board of the company, the uproar doesn't last long - say five minutes after the first email the Chairman can't open the attachment on? Then, status quo returns, and you as an IT Manager take a long walk off a short plank.

      2. Sir Sham Cad

        Re: Just turn off anything executing from an email

        Yes, that does put an extra step between user and payload but all it takes is for the user to download attachment and then open that scary looking invoice and you've still got fileshares full of Trj_ExploitDumbUser_Crypto/A spreading the RSA4096 love.

        Nothing beats user education because the vectors and exploits are always changing but good security practise and scanning inbound attachments can help. Also: Minimal permissions on fileshares and most importantly: backups because it's only a matter of time.

      3. PickledAardvark

        "Just turn off anything executing from an email. Done."

        All those years ago when I sabotaged the .DOT file of colleagues, we didn't think that data files might be harmful -- beyond mate pranks.

        Assume that everything is executable today. That means accepting DOCs, JPEGs and BMPs as attachments to keep the business running, noting risk.

        But you are bang on right that we're doing something incredibly, dangerously wrong. And we don't know how to fix it.

  4. Unep Eurobats

    Posters on the underground

    I saw some of those. Things like a picture of a bunch of keys hanging outside a front door and the strapline 'you wouldn't do this at home so don't do it online' or some such.

    It was OK. Not too alarmist, not too technical. We like to think we're not the target market but anyone is vulnerable to the right piece of social engineering.

    1. Rich 11

      Re: Posters on the underground

      Quite so. I'm in the middle of doing important government-backed research on this subject, and it would be a great help if you could send me your name and email address if you'd like to contribute. It'll only take five minutes of your time and you stand to win a £25 Amazon voucher.

      ;-)

      1. Andy Non Silver badge
        Coat

        Re: Posters on the underground

        @Rich11. Hey didn't you used to work for Barclays, phoning customers up and telling them their account was being upgraded and can you have their full password please?

        1. Anonymous Coward
          Anonymous Coward

          Re: Posters on the underground

          Hello sir and or madam, I'm from the WINDOWS company. Your computer has a virus. Go and turn it on and I'll walk you though the cleanup procedure.

          1. Anonymous Coward
            Happy

            Re: Posters on the underground

            What Everest or Anglian?

  5. hplasm
    Facepalm

    Don't worry!

    No MP's bank balances were harmed in the making of this boondoggle.

  6. Robert Helpmann??
    Childcatcher

    Not Clear on the Concept

    A lot of cash was invested in an online site devoted to educating the public concerning the dangers of being online. Isn't that a bit like having to call the phone company to let them know you are unable to make a call? It should be obvious that at-risk individuals in this case are going to be unlikely to go to a web site to improve themselves in this regard. How would they even know they are at risk or that there was anything they could do about it after those risks came home to roost?

    1. Captain DaFt

      Re: Not Clear on the Concept

      "A lot of cash was invested in an online site devoted to educating the public concerning the dangers of being online."

      If they'd spammed Facebook with "Are you an idiot? Click here and find out!", or "Click here to learn the top ten secrets cyberterrorists don't want you to know!" links then most of the demographic they were trying to reach would have visited the site. :/

      1. Halfmad

        Re: Not Clear on the Concept

        It's be far more effective to simply link to the get safe site using IMAGES OF SILLY CATS LO!L!L

        Made you look, would work for Facebookers too..

  7. Anonymous Coward
    Anonymous Coward

    They should have gone for "Loose chips sink ships"

  8. FuzzyWuzzys

    Saw a a couple of "trendy" ads on the Underground but other than that, nothing.

    1. Anonymous Coward
      Megaphone

      "Saw a a couple of "trendy" ads on the Underground but other than that, nothing."

      What's an Underground? We other ~55M people in the UK don't generally have one of those handy advertising platforms available.

      Now, £20M gets you say 650 operational staff for a year on £30,000 gross and some admin staff to direct and pay the operational mob etc. Bet that lot could be more effective than a few crap webby thingies and ads on the London Underground even if they went door to door. £30K gets you a pretty motivated individual. OK drop 50 op. staff to allow for recruitment costs *ahem*. Anyway, the point still stands: 600 odd people getting themselves on radio/TV/knocking on doors/shouting at the public/ etc will get the message through far better than the chosen model.

  9. Anonymous Coward
    Anonymous Coward

    And they wasted how much on the survey to identify that they wasted money on the original campaign?

  10. Frumious Bandersnatch

    Gooood evening, Madam!

    Maybe the money could have been better spent paying Kayvan Novak* to do another Fonejacker series. George Agdgdgwngo needs a reprise, IMO.

    * If he's not too busy with Paddy Power ads

    1. Chris King

      Re: Gooood evening, Madam!

      * If he's not too busy with Paddy Power ads

      Not to mention "Thunderbirds Are Go" series 2.

      Of course, the original Brains never bottled it on a rescue or puked up in the back of Thunderbird 1.

  11. John Brown (no body) Silver badge
    Facepalm

    "Fieldwork...Both surveys were carried out online"

    So, not fieldwork then?

  12. allthecoolshortnamesweretaken

    "uncoordinated, ill-informed and utterly ineffective"

    Hey, three out of three ain't bad!

  13. Mark 85
    Trollface

    I don't need to reed no stinking poster or email on security. I've got McAfee and my lady uses Symantec. We're perfectly safe. <rolls eyes>

  14. Anonymous Coward
    Anonymous Coward

    Maybe they just missed the point...

    Don't most people have some idea that we "should" be safe online and children "should" be careful and we "should" do something with passwords..... the problem is that most messages about this are mixed.

    Even the people on this forum alone would have a heated discussion about exactly what steps you should take to have a secure experience. Some would argue for text browsing and turning off facebook forever, but people like me would say that is not realistic.

    So, £20M to tell you its cold outside without a consistent message to tell you how to wear a coat, is quite useless.

    1. DocJames
      Coat

      Re: Maybe they just missed the point...

      So, £20M to tell you its cold outside without a consistent message to tell you how to wear a coat, is quite useless.

      No! Never wear a coat, you'll feel all cold when you come inside and take it off.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like