In our latest instalment where we put a member of our trusted partners group in the hot seat, we find out how Paul Silcox from Knox Cyber Security started his cyber career, why charities make a beeline for the team’s cyber services and his top tips for those with little cyber knowledge.

Can you tell us who you are and what you do within Knox Cyber Security?

My name is Paul Silcox and I’m a director and principal consultant at Knox Cyber Security.

How did your career in cyber security begin?

I started working in cyber security by accident in 1999. I was working as a network manager for a managed service provider which was seeking to undertake BS7799 (the forerunner of IS27001) for a client. I was the consultant selected for that task and thrown in at the deep end. This then led to many engagements, all cyber security within the private and public sector. Don’t let my youthful looks fool you , I’m now in my 24th year solely practicing cyber security.

What’s the best thing about working at Knox?

The flexible working arrangements, the support to all staff for training and career progression, the strong ‘esprit de corps’, the fantastic support for community charities, and how each day is different. After 24 years I still find something new each day, and each day with our wonderful clients present us with new opportunities to excel at our practice. A client once called us the Jerry Maguire of Cyber Security. A fantastic compliment!

What size companies do you work with?

There is no limit to the size of companies we work for. We have worked for sole traders, small financial companies, medium legal firms, large departments within UK Government’s ‘Critical National Infrastructure’ sectors, right the way up to international pharmaceutical conglomerates with many thousands of staff. Of interest is they are all looking to achieve the same - an improvement in their cyber security posture.

What do you see small/medium companies and charities struggling with in terms of cyber security?

They often struggle with the interpretation of sometimes confusing advice from technical authorities. As in most professions, there is jargon. Our expertise lies in the translation of sometimes complex security principles into easy-to-understand actionable guidance. We also offer discounts for those in the third sector and are often their ‘go-to’ consultancy for cyber security queries and issues.

What is Cyber Essentials and why should companies get Cyber Essentials accreditation?

The current business climate is such that instances of cyber security breaches are becoming increasingly frequent. Many organisations are making the wise move of implementing controls such as ISO27001 – but such efforts only constitute a single aspect of a balanced over-arching cyber security strategy.

Cyber Essentials has been developed to address the need for businesses, small and large, to ensure that they, their partners, and suppliers are implementing a standard level of cyber security. Certification in Cyber Essentials not only instils confidence in the organisation achieving certification – but allows the organisation to provide evidence to its customers and stakeholders that their assets and data are resilient against cyber threats.

Cyber Essentials can often give those holding the certification a commercial advantage over those without. Quite simply, customers want to do business with companies that take their security seriously.

What three tips would you give a company with little knowledge of cyber security?

Limiting to three tips are quite a tall order, but if pushed I’d have to say the following:

1. Protect your systems using a strong and separate password. Consider using a passphrase or three random words. Use a password manager and enable multi-factor authentication if the technology allows.

2. Be sure to install all the latest updates to your apps and operating systems. Statistics vary but it is considered that more than 75% of all attacks would not have happened if the systems breached had simply been updated.

3. Back up your data. The most common methods for creating resilient data backups is to follow the ’3-2-1’ rule; at least 3 copies, on 2 devices, and 1 both offsite and offline. This strategy is popular because it scales effectively and can give you confidence that your critical data is safe from a localised incident.

And our final question – what is your favourite view/landscape in Wales?

Oh that’s easy. It has to be the view from the Welsh hillside in the Wye Valley, looking south towards Tintern Abbey. Just beautiful! It’s no wonder that Constable found it so mesmerising.