A Manchester-based financial services company has confirmed that its complete annual cybersecurity budget of £8,400 was allocated to producing laminated posters asking employees to “think before you click”, despite suffering three separate data breaches in the past fourteen months.
Hartley Financial Solutions, which handles pension administration for approximately 40,000 clients, invested the sum in twenty-six A3 posters featuring a cartoon padlock with concerned eyebrows, distributed across four office locations. The posters, which arrived in September, replaced nearly identical posters from 2016 that had begun to curl at the edges near the microwave.
“We take the security of our systems extremely seriously,” said Graham Venables, the company’s IT and Facilities Manager, a role he has held since the two departments were merged in 2019. “These posters represent a significant commitment to raising awareness. We’ve placed them in all the key areas where staff might be tempted to check their personal email.”
The decision to prioritise poster-based security measures came after the company’s aging firewall, installed during the London Olympics, began routinely crashing every Tuesday. Mr Venables noted that replacing the firewall would have cost approximately £12,000, which was deemed excessive when a comprehensive poster campaign could be delivered for a third of the price.
“The feedback has been overwhelmingly positive,” Mr Venables added. “Several people have commented on the lamination quality.”
The posters, designed by a marketing agency in Stockport, feature helpful reminders such as “Is that email really from your CEO?” and “Passwords are like underwear, change them regularly.” This second slogan has appeared in British office kitchens with such consistency since 2009 that several employees initially assumed the new posters were simply the old ones that had been wiped down.
Jennifer Cope, a senior administrator who has worked at Hartley Financial for six years, confirmed she had clicked on a suspicious link approximately forty minutes after the posters were installed. “I did see the poster,” she said. “But the email said there was a problem with my parcel delivery, and I was expecting something from Amazon. It looked quite legitimate, apart from the seventeen spelling errors and the bit where it asked for my banking passwords.”
The company’s three breaches, which occurred in March, July, and October of this year, were all attributed to what Mr Venables described as “sophisticated phishing attacks that no poster could have prevented”, although he acknowledged that the October breach involved an email with the subject line “URGENT: CLICK HERE NOW FOR FREE IPAD” sent from an address ending in .ru.
Hartley Financial Solutions has announced plans to supplement its poster campaign with a mandatory online training module, which all staff will be required to complete by the end of 2026. The module, which costs £40 per employee, will feature a multiple-choice quiz and an animated video explaining that passwords should contain both letters and numbers.
“We’re really at the cutting edge of this,” Mr Venables said.