We’re giving you a glimpse at some of the inner workings of the WCRC! Find out how the centre’s Director Paul Peters, the team and a network of Welsh businesses, organisations, associations, policing and academia work closely together to help small businesses, charities and other third sector organisations increase their cyber security awareness and become better protected from threats.
As the WCRC director how ‘hands-on’ are you in regard to the day-to-day running of the centre?
Very hands on! With a team of two, there is no room for not being hands on! On a daily basis I will be checking the finances, reconciling payments in our accountancy package, looking at progress on our CRM and following up leads.
I’ll also be preparing governance reports, discussing marketing strategies, meeting with stakeholders and other organisations where there are opportunities to collaborate, meeting with our community ambassadors, our Cyber Essentials partners, and discussing services with potential customers.
As well as this, I draft our newsletters and blogs focusing on raising awareness of steps that businesses can take to reduce their vulnerabilities to cybercrime and also attend networking opportunities and presenting at events across Wales.
What type of businesses and organisations do you find yourself liaising with on a day-to-day basis if at all?
I don’t think I can say there is a type of business or organisation that I liaise with on a day-to-day basis. By this I mean we work closely with membership organisations such as the Federation of Small Businesses, Chambers Wales and FORCardiff, which are all part of our advisory group, but then I could be talking to a bank, insurance broker, IT or cyber security company, trade bodies, Welsh Government, policing colleagues, members of our management board, networking groups, local authorities, and larger businesses where we are keen to provide support to their supply chains. So, it can be quite a mixed bag, but the variation is also one of the reasons that this is such an enjoyable role.
What is the most common challenge members get in touch about and what is the process for helping them with a solution?
Most members who get in touch just want to learn more about what they can do to protect themselves from cybercrime. It is an area that some businesses are fearful of, some think it won’t affect them and others just haven’t thought about it.
Every business or charity that signs up for our free core membership has the opportunity to have a half-hour meeting with a team member from the centre, and these conversations generally revolve around back-ups and introducing multi-factor authentication. We are also seeing that businesses that have been members for a while, are contacting us to learn more about our services, particularly staff awareness training and website vulnerability assessments.
These are the services that we can provide at a discounted price through our CyberPath team, which are the first steps to building your cyber resilience. We are also seeing that some members are sharing their experiences with us, particularly phishing emails they have received. This means that we can alert the rest of our membership to this method of attack, ensuring they have the awareness to prevent them becoming the next victim.
As the WCRC director you are regularly asked to present at events and webinars, how many of these do you get asked to do on any given week and how positive are they to driving awareness of the work the centre delivers?
We are asked to present at events, generally about four or five a month but I would say we have the capacity to support more events should any organisation be interested. We look at opportunities to present across Wales, and regularly find ourselves on the road around to all parts of the country. Presenting at events are great opportunities for us to highlight the support we offer to businesses and the services we offer.
Being able to talk directly to a business is a key part of our engagement strategy, and allow us to ‘demystify’ cybercrime, focus on simple measures that can be put in place, and demonstrate that cyber security applies to everyone.
An example of this is the discussions around passwords, which often reveal the extent of poor password security, so by recommending the use of three random words, we can show that cyber security is not just an IT issue, but something that everyone in an organisation, whether a sole trader, micro, small or large business, can contribute to.
Do you feel it’s important to build your own profile as the director of the centre as well as the centre itself?
This is something which was very alien to me when I took on this role, but it is important to have a public profile as the figurehead of the WCRC. One of my previous roles in policing was to head up the Southern Wales Regional Cyber Crime Unit for five years, leading investigations as the senior investigating officer. This gave me a real insight into the impact of cybercrime on businesses and individuals, but also how cybercriminals work, and how so many attacks could have been prevented by taking simple security steps.
So, with this background it is important that I build visibility across our communities to enhance the credibility of the WCRC and allowing me to use real-world examples to support our messaging. Having a public profile also helps to open doors to various networking circles, which can lead to valuable opportunities to promote the centre and the support we offer to small businesses. I am also keen to influence behaviour by sharing my insights and opinions, and having a public profile helps this.
How much connectivity do you have with the rest of the CRC network directors?
Connectivity with the rest of the CRC network directors is strong. We meet in person every quarter, and monthly online. This gives us a chance to share best practice and to discuss some of the challenges that we face. It is also a very useful support mechanism, and frequently we will contact each other to discuss particular areas of business. We also look to work with different centres, such as joint blogs with the director of the Eastern CRC, and also the South West CRC. We have jointly promoted an event on the border with the West Midlands CRC, and we are looking at also working on some collaborative marketing aimed at particular sectors.
How does this role differ to your previous roles within policing?
Massively! Coming into this role I had the benefit of experience of investigating cybercrime and some business engagement, but no experience of setting up and running a not-for-profit company. Virtually all my career has been as a detective, with roles in investigating serious crime, including being a murder SIO (senior investigating officer) and an SIO investigating serious and complex cybercrimes.
This experience has definitely helped as a decision maker, a communicator and also being resilient to the pressures that all business owners no doubt experience. But I have had a steep learning curve when it has come to understanding accounts, tax returns, business budgeting, developing sales and marketing strategies.
Thankfully I have some great support that has helped me develop my understanding in these areas. But I also feel that having had that experience of setting up and running a company, I have a greater understanding of the pressures, and priorities of business owners, which I hope allows me to better communicate with them.
If you’d like to speak with us about your cyber security questions or challenges, please contact us. The WCRC’s Head of Cyber and Innovation Paul Hall will be sharing details about his role in the second part of this behind-the-scenes series.