![\"\"](\"https:\/\/cdn-01.cms-eu-v2i.applyflow.com\/identifi-global\/wp-content\/uploads\/2022\/03\/JohnUnsworth.jpeg\")
<\/p>\n\n\t<\/p>\n
\n\tEstablished in 2015 as a joint venture between the Mayor of London, the Metropolitan Police, and the City of London Police, The London Digital Security Centre is at the coalface of protecting SME\u2019s from the real and growing threat of cyber crime. At a time when computer misuse offences are estimated to be around<\/span> two million<\/a> a year, the Centre\u2019s mission is to educate business owners and employees about the real implications of cyber crime and give them practical tips on how best to protect their organisation. <\/p>\n \n\tOffering free membership and impartial advice,, they are the first port of call for the capital\u2019s one million SME\u2019s, many of which are targeted by cyber criminals.<\/p>\n \n\tAn expert in financial and cyber crime, <\/span>John Unsworth<\/a>, Chief Executive of London Digital Security Centre, has led national intelligence activities and previously worked with the Global Cyber Alliance. We caught up with John to get the lowdown on his organisation, what businesses can do to help themselves and why it\u2019s not all doom and gloom…<\/p>\n \n\tJohn Unsworth: <\/span><\/strong>We were set up by the Mayor of London in 2015, as a joint venture with the Met police and the City of London police. The whole point of it was to give small and medium-sized businesses in London somewhere to go to for advice and guidance on how to be better protected against cyber crime. We also offer support in finding the right products that can help them be more secure. Really, we were set up because SMEs were struggling with cyber crime threats and they needed someone they could trust to give them some advice.<\/p>\n \n\tJU: <\/span><\/strong>Because there are a million of them in London, so they\u2019re the backbone of the economy. Big organisations have the financial resources, personnel resources etc, to be able to dedicate energy into cyber security, but some of the smaller ones don\u2019t. <\/p>\n \n\tWe are an organisation that you can come to and say, \u2018This is how we work, this is what we do, what do I need to have in place?\u2019<\/p>\n \n\tJU: <\/span><\/strong>Every organisation, every business, has been forced online. Many people want to be there, but there are also many organisations that don\u2019t want to be there. Lots of businesses have grown from being purely in the physical space to now being virtual as well, which is fantastic, it brings lots of business benefits. But we live in a world where we\u2019re unaware of how dangerous it is to operate online and we\u2019re unaware of how criminals actually target us, and we\u2019re not conscious of the different methods in which they do it. <\/p>\n \n\tA good way to illustrate it is to compare the physical space with the digital one. If you run a shop on a high street and you\u2019re locking up at the end of the day, you\u2019ll pull the shutters down, you\u2019ll put the alarm on, you\u2019ll have a master lock and so on and so forth. But online, what people have tended to do in the last few years is buy in someone to do the website, so they\u2019re taking custom via the website but they don\u2019t know what level of security is on there, they don\u2019t know the vulnerabilities. <\/p>\n \n\tA lot of the crimes that we see come from very simple things, like phishing emails or emails that come in pretending to be from a supplier saying \u2018we\u2019ve changed our bank details, so can you just pay your invoice now and send it to our new details\u2019. These types of things, while they might not be massive in terms of financial losses, for a small or medium-sized business, it could be enough to go under. The impact can be really incredible. We\u2019re not talking about just losing a bit of money and getting insurance payouts, we\u2019re talking about businesses not being able to operate, we\u2019re talking about employees not being able to be paid. The challenges that people have are firstly understanding why and how they are at risk, and secondly, understanding what they can do about it and what the business benefits of it are. <\/p>\n \n\tIt was recently announced that Yellow Pages is shutting down and that\u2019s because no one ever flicks through those books anymore. But in the past if you were looking for a plumber or an electrician, you\u2019d go to the Yellow Pages, you\u2019d flick through, find someone local, get them out for a quote and then you\u2019d get the job done, wouldn\u2019t you? <\/p>\n \n\tWhen it comes to cyber security what do you look for? What do you type into Google? How do you know which organisations are trusted ones? How do you know it\u2019s the right solution for you? How do you know that the cost is fair? That\u2019s part of what we\u2019re trying to do <\/span>\u2014 cut through the noise and the nonsense. We look at how organisations work and operate and determine which measures they should have in place. <\/p>\n \n\tJU: <\/span><\/strong> We engage with them in two ways. On scale, we engage through the website, so we encourage businesses to come to our website to join up as a member. As part of the membership we get them to complete a digital security assessment. We ask them questions about how they operate online: Do they have a website? Do they have social media? If they do, do they manage it themselves? How many devices do they have that connect to the internet? Do they use their own devices or are they company issued devices? Questions like that. <\/p>\n \n\tFrom those assessments we\u2019re able to send each organisation an action plan, highlighting where we believe there are areas that they could improve on their security and pointing them in the direction of some of the services that are free of charge for them – that\u2019s on scale. <\/p>\n \n\tThe way we do face-to-face is through a programme called \u2018In the Community\u2019. We work with the Met police and the City of London police and go to every borough across London with a uniformed officer, visiting SMEs and taking them through the risk assessment that I\u2019ve just described. On a one-to-one we spend 15 minutes with them and go through a basic assessment of their current security and then give them some protection advice, but obviously it\u2019s just not possible to deal with a million businesses in that way. <\/p>\n \n\tThe majority of businesses that need the most help are the ones who wouldn\u2019t find us on a website because they wouldn\u2019t be looking for us. The difference, again, with some of the smaller businesses compared to bigger businesses is they\u2019re busy people and they\u2019re busy doing the job that they\u2019ve set up in the organisation that they\u2019ve setup. Often security is put on the back burner and we\u2019re trying to teach people to get ahead of it and see it as a real business enabler, because once it goes wrong, it\u2019s a nightmare to fix.<\/p>\n \n\tJU: <\/span><\/strong>In general I would say yes. It\u2019s all over the media, like you say, and we\u2019re seeing more of it. But to give the example of WannaCry<\/a>: a week after that happened we were in a room with a number of SMEs and they hadn\u2019t heard of it. They hadn\u2019t heard of the NHS attack<\/a>. <\/p>\n \n\t \n\tIt\u2019s perhaps because they don\u2019t go home and watch BBC News or Sky News or they\u2019re not looking on the mobile apps to see what the latest cyber security stories are – they just bypass them. We in the industry think incidents like that might be a tipping point, but they\u2019re not. There have been many, many incidents and many large-scale cyberattacks, but it only really becomes personal to the majority of people when it hits them personally.<\/p>\n \n\tJU: <\/span><\/strong>Yes, and it is amazing that you can buy something from a shop up in the North of Scotland and have it delivered to you a couple of days later. The fact that it\u2019s opened up the market is incredible but it does come with risks and what we\u2019re trying to do is get businesses to understand those risks and deal with them.<\/p>\n \n\tJU: <\/span><\/strong>It\u2019s both. Technology can eradicate a lot of the threat. You can block phishing emails and emails when you don\u2019t know the sender. But you also need people to understand that they shouldn\u2019t be clicking on links and you need them to understand that when they\u2019ve finished using a laptop, they should turn the whole machine off so it can do its updates. The reason WannaCry was so rampant was because it affected unpatched machines. <\/p>\n \n\tIf we can get people to be more secure at home then we\u2019ll get them to be more secure at work – because the likelihood is there are lots of people using the same passwords for their home online accounts as they are for their work one. If someone buys something from an online retailer and that retailer gets breached and they\u2019ve used the same credentials, then that puts the business at risk.<\/p>\n \n\tI think we need to shift the narrative. I was at an event last week and it got a bit frustrating, to be honest, because we talked about all these kind of issues and they said, \u2018Come in and talk to my IT team.\u2019 I thought \u2018I don\u2019t want to come and talk to your IT team. Your IT team know what they\u2019re doing. I want to come in and talk to the senior executive, of which you\u2019re one, who doesn\u2019t get what we\u2019re trying to talk about here and you\u2019re just lumping the responsibility onto technical folk.\u2019 That\u2019s not the right way of doing it <\/span>\u2014 security is everybody\u2019s responsibility but it\u2019s got to be led by senior officials or senior persons in each business. <\/p>\n \n\tJU: <\/span><\/strong>I think GDPR is a very good thing. I think what the Information Commissioner\u2019s Office are doing about marketing it and getting it out there at the minute is really good as well, but I don\u2019t think it\u2019s hitting home with the businesses we\u2019re talking about. I think the bigger organisations are preparing themselves for it. There are a lot of people setting themselves up as a GDPR specialist and, actually, creating a bit of a web of distrust and scaremongering about it. <\/p>\n \n\tAll GDPR is saying to a business is, \u2018Do you know what data you\u2019ve got? Do you know why you\u2019ve got it? And do you know where it is stored?\u2019 If you can say yes to those then you\u2019re not too bad. It talks about doing all you can to protect it and if you can demonstrate that you are taking your security seriously then that\u2019s good. GDPR is actually an enabler, I think, to good security. The stick, obviously, is that for some organisations who are in breach and haven\u2019t taken notice of it, there can be massive fines. <\/p>\n \n\tI think it\u2019s a welcome shift because I\u2019m of the belief that the thing that\u2019ll make a difference is consumers having more knowledge about, and interest in, what organisations do with their data. One of the analogies I use a lot in presentations is that I have a young daughter and I\u2019m looking around for nurseries to put her into. The first thing I look at is how safe the place is, and what ratings they have, as opposed to how much it costs. That\u2019s because I value the safety of my daughter. <\/p>\n \n\tWe now need to get to the point where consumers are thinking \u2018I\u2019m giving away all my identity details to you just for the sake of buying something, are you going to look after that? Or are you going to put me at risk? If you put me at risk are you going to tell me if something goes wrong? Because you haven\u2019t in the past.\u2019 This is why there are so many email addresses and passwords that are out there that have been compromised and folk don\u2019t know about it. <\/p>\n \n\tJU: <\/span><\/strong>Yes, I think we\u2019re doing a lot. The creation of the National Cyber Security Centre <\/a>is a big step forward. That sets the standards and gives all the relevant information that people need, so I think that\u2019s great. The problem is getting people to know about it!. <\/p>\n \n\tFrom a crime perspective, the <\/span>City of London police<\/a> does a great job in terms of running Action Fraud<\/a>, which is the national fraud and cyber reporting centre, and the police do what they can in terms of investigations. But there are just so many – more than half of all crime now is cyber related. When you look across the country it\u2019s something like 0.01% of all police resources are dedicated to investigating crimes that are actually constituting more than half of policing demand, so there does need to be a shift in that sense, but it is happening. <\/p>\n \n\tBack in the day, people used to leave their doors open, didn\u2019t they? Because it was a safe thing to do. That changed because crime increased. I think this will happen in the cyber world <\/span>\u2014 the public and businesses need to take far more ownership of their own security in order to help prevent it. We can\u2019t be expecting others to come along afterwards and sort the issue out for us. <\/p>\n \n\tWhere there\u2019s been a serious cyber attack committed by sophisticated, organised crime groups, then the police, the National Crime Agency, the NCSC, they\u2019re there for that but they can\u2019t respond to every single loss of data <\/span>\u2014 it would just be a ridiculous use of resources. We\u2019ve got to take more ownership of what we\u2019re doing and, again, bringing it back to why the London Digital Security Centre exist, that\u2019s really where we try and come into it. We\u2019re here to tell people that a lot of this isn\u2019t hard, it\u2019s just about actually taking ownership yourself. <\/p>\n \n\tAnd so often it\u2019s little things that can make a big difference. Turning on two factor authentication your devices, for instance. One of the things we say to people is create an admin account, never ever use<\/span> that to open email addresses and never go on the internet with that, just have that simply as the admin account. Add yourself as a user and then you can browse and do anything you want to do. If you download something bad, it\u2019s not as impactful as if you were the admin on the computer because not being the admin means that you can\u2019t make changes to the infrastructure.<\/p>\n \n\tSo it\u2019s little things like that, that can make a difference for businesses, just separating things. The recent <\/span>Ransomware<\/a> problem is a good example. Ransomware is a computer virus that threatens to delete your files unless you pay a monetary ransom. <\/p>\n \n\tA few weeks back there was a <\/span>major attack<\/a> throughout Europe, affecting all sorts of industries, including banks and airlines, and we got asked the question a lot, \u201cOh, should I pay?\u201d And the advice is, well, you shouldn\u2019t really pay because it\u2019s blackmail. If you\u2019ve backed up all your data and you\u2019ve got all that saved on a memory stick or external hard drive, just switch the machine off, wipe it and start again. But if you haven\u2019t backed all your data up and you are at risk of losing something, then we would still advocate you don\u2019t pay but you\u2019ve got a difficult decision to make, haven\u2019t you? You might have your whole work catalogue on there, you might have all your personal contacts on there, your recordings etc \u2014 things which are of value to you.<\/p>\n \n\tJU: <\/span><\/strong>The main plans are to continue as we\u2019ve been doing: to get out across every borough in London to make sure that we are engaging with businesses in their place of work. We want to use relationships with people like Identifi Global, Federation of Small Businesses, some of the banks and the police, to reach more businesses online and to get them to join up to the membership scheme. <\/p>\n \n\tWe do lots of events, workshops and master classes where we take people through the specifics and help them implement some of the controls <\/span>\u2014 and they\u2019re all advertised through our website. Giving information out is good but action is far better. The way we do that is by giving people actions and suggestions after the initial assessment about things that they can do. Then we bring them along to workshops and after that we reassess them. What we should start to see is that actually they are more safe and secure online.<\/p>\n \n\tJU:<\/span> <\/strong>There\u2019s suggestions it could be. I think it would be a good thing to roll it out nationally using the same model through the policing network and so on. But at the minute, all our focus is on ensuring we are making the Centre work for the SMEs operating in London<\/p>\n \n\tJU: <\/span><\/strong>The only thing I would say is there\u2019s a lot of scaremongering about cyber security, and fear doesn\u2019t change the world. We try to take responsibility by showing businesses the benefits of being a more secure organisation, rather than just scaring them with the prospect of losing money or getting fined. Security\u2019s a great business enabler but we\u2019ve got to stop scaring people into change and just help them make the change because it\u2019s a good thing to do and it will make a big difference to their future.<\/p>\n \n\tA huge thanks to John for taking his time to speak to us. If you\u2019re interested in finding out more about the London Digital Security Centre, <\/span>head here<\/a>. <\/p>\n \n\tIf you\u2019re looking for your next career step in cyber security, , business IT or Digital you can <\/span>search our latest jobs here<\/a>. Or why not book a 121 session with one of our consultants to discuss the market, your own situation and whether or not this is a good time for you to be considering a move. Sometimes it\u2019s the \u2018not knowing\u2019 that stops us making a change – get in touch for a consultation. We don’t simply collect CVs, we always try to advise. Call us on 01908 886 048.<\/p>\n \n\t <\/p>\n \n\tImage via Unsplash<\/a><\/em><\/p>\n Established in 2015 as a joint venture between the Mayor of London, the Metropolitan Police, and the City of London Police, The London Digital Security Centre is at the coalface of protecting SME\u2019s from the real and growing threat of cyber crime. At a time when computer misuse offences are estimated to be around two… Read More »London Digital Security Centre – Interview with John Unsworth<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":14226,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[39],"tags":[],"class_list":["post-15084","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-news-trends"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/posts\/15084","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/comments?post=15084"}],"version-history":[{"count":0,"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/posts\/15084\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/media\/14226"}],"wp:attachment":[{"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/media?parent=15084"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/categories?post=15084"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/tags?post=15084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n\tIdentifi Global: Could you give us the official line about the Centre? Who are you, why do you exist and how do you help?<\/h3>\n
\n\tIG: Why is it specifically SME-focused?<\/h3>\n
\n\tIG<\/span>: So aside from the cost of cyber security people, what are some of the biggest challenges that SMEs have when it comes to cyber security?<\/h3>\n
\n
\n\tIG: You talked about how there are a million SMEs in London. How hands-on is the London Digital Security Centre? Are you available to all these one million SMEs for them to get in touch? What\u2019s the process if they have questions, do they go on the website or is it a personal kind of consultation?<\/h3>\n
\n\t“Once it goes wrong, it\u2019s a nightmare to fix.”<\/strong><\/h4>\n
\n\tIG: There have been some quite high profile cyber-security attacks recently – are more people becoming aware of the issue and the need to get on top of cyber-security, in your opinion?<\/h3>\n
![\"\"](\"https:\/\/cdn-01.cms-eu-v2i.applyflow.com\/identifi-global\/wp-content\/uploads\/2022\/12\/CyberAttack.jpg\")
<\/p>\n\n\tIG: Would you say a lot of SMEs are online because they need to be rather than they want to be?<\/h3>\n
\n\tIG: Do you think cyber security is a tech challenge or a human challenge? Is it about engendering a culture of cyber security in a business or is it a case of just getting the right security in place?<\/h3>\n
\n
\n\tIG: The new GDPR rulings are coming in next year and part of that is how you handle and protect your data. Is it just another layer that people are going to ignore or is it going to be the catalyst to make people sit up and think about cyber security?<\/h3>\n
\n\t“GDPR is actually an enabler, I think, to good security.”<\/strong><\/h4>\n
\n\tIG: Talking more broadly <\/span>\u2014 not just about SMEs \u2014 you\u2019ve worked in cyber security for a fair while with the police and beyond. Do you think, as a country, we\u2019re well prepared?<\/h3>\n
\n\t“We\u2019re here to tell people that a lot of this isn\u2019t hard, it\u2019s just about actually taking ownership yourself.”<\/strong><\/h4>\n
\n\tIG: What\u2019s next for the London Digital Security Centre? <\/h3>\n
\n\tIG: Are there any plans for this to be rolled out nationally? <\/h3>\n
\n\tIG: Is there anything else we haven\u2019t covered that you think is essential?<\/h3>\n
\n\t <\/div>\n","protected":false},"excerpt":{"rendered":"