Original Article published on SafetyDetectives.com by Shauli Zacks on 24th January 2025.

In this exclusive interview with SafetyDetectives, Joseph Ross, Chief Technology and Finance Officer and Head of Cyber Innovation at the South West Cyber Resilience Centre (SWCRC), shares his insights on the organisation’s mission to bolster cybersecurity for businesses in the South West. Ross discusses the unique role of SWCRC, its partnerships with law enforcement and universities, and the key cyber threats facing SMEs today. He also offers valuable advice for businesses just starting to address their cybersecurity needs, highlighting the importance of ongoing awareness and training in an increasingly complex digital world.

Can you share a brief overview of your role at the South West Cyber Resilience Centre and how the organization supports businesses in the region?

My name is Joseph Ross. I’m the Chief Technology and Finance Officer, and the Head of Cyber Innovation at the South West Cyber Resilience Centre. We’re a police-led initiative, but also a company in our own right, hence the two job titles. As a company director, part of my role covers the administration of the business, including our own information security practices, technology usage, budget management, and financial forecasts.

On the operational side, we focus on being present in the community, raising awareness of cyber resilience, and providing our community with threat intelligence and news to keep them updated on local threats. My role as Head of Cyber Innovation involves making strategic partnerships with businesses and business groups to help our mission of making businesses in the Southwest more cyber resilient.

What inspired the creation of the SWCRC, and what makes it unique compared to other cybersecurity initiatives in the UK?

The South West Cyber Resilience Centre and other CRCs within the national network were created as an addition to the current Cyber Protect network, as a business-focused initiative to curb cybercrime and fraud in the UK. Unlike Cyber Protect, which focuses on raising awareness with a wide scope, our initiative specifically targets businesses, from micro to medium-sized, and keeps them engaged long-term. Once businesses join us, it’s not just a one-time interaction; they stay connected with us and continuously receive updates.

We offer a unique blend of both the private and public sectors. Our core membership is completely free, and it’s where most of the value of the CRCs lies. Businesses learn about cyber risks and establish good practices continuously. The cybersecurity landscape changes rapidly, and we ensure businesses remain updated regularly.

What are the most common cyber threats faced by SMEs in the South West, and how does the SWCRC help businesses combat them?

The biggest vulnerability that SMEs face is their awareness and training. Many business owners don’t view cyber as a priority, which leads them to make bad decisions, leaving their digital front doors wide open. This lack of awareness isn’t their fault; when they’re setting up a company, no one mentions cybersecurity.

Once businesses join our community, they receive a base 12-week plan to establish good practices. This plan is instrumental in changing behaviours. A common issue among small businesses is misconfigured or improperly enabled protections on websites, emails, and social media. Passwords are often shared between platforms, especially for both personal and business use. These gaps make SMEs easy targets. Without proper awareness and training, they’re leaving their front door wide open.

How do your partnerships with law enforcement and universities enhance the services you provide to members?

Our work with law enforcement is what makes us unique. We’re not here to generate revenue; in fact, we don’t charge any members of our community to join. Our Home Office funding and police-led support allows us to cover all of England and Wales with the Regional CRCs and the National Cyber Resilience Centre Group.

Our collaboration with regional policing provides local intelligence, which we use to inform our monthly updates to our community members. We also have strategic partnerships with national organisations, like Aviva, to provide threat intelligence from an insurance perspective.

On the university side, we work with CyberPATH, a roster of student services provided through local universities. These students offer a wide range of services for our members, with security awareness training being the primary one in the South West. They also conduct vulnerability assessments, corporate investigations, and security policy reviews, often identifying problems small businesses wouldn’t have known about. Though these services come at a cost, they’re much cheaper than going through commercial partners. If any gaps are identified, our commercial partners can step in to help close those gaps.

What advice would you give to small businesses that are just beginning to address their cybersecurity needs?

First, I may be a little biased, but I would suggest joining their regional CRC. It’s completely free, and the advice will help businesses start to address their cybersecurity needs. Every business is different, so the first step is to assess where you are. A great tool for that is the NCSC’s Cyber Toolkit, which provides a self-assessment form to see where you stand.

Other options include conducting audits, like Cyber Essentials, which can show you where improvements are needed. Cyber Essentials is a great way to establish a baseline. If you’re looking deeper into internal vulnerabilities, tools for assessing how Microsoft 365 and other systems are configured can help you identify issues. If you don’t know what’s wrong in the first place, it’s hard to know how to address the issues.

Looking ahead, what are the SWCRC’s goals for improving cyber resilience in the region over the next few years?

We have a goal to get 2% of businesses in the Southwest to sign up, which equates to around 11,000 businesses. We want these businesses to receive our monthly updates because that’s how we improve cyber resilience. While some businesses may choose to take advantage of our paid services like CyberPATH or utilise our partners services to achieve Cyber Essentials certification, the key is to keep businesses informed.

To achieve this, we’re working on establishing strategic partnerships with businesses and business groups. It’s a huge number of businesses for a small team to handle, so we’re relying on professional services and business networks to spread the word. We aim to make our services known to as many businesses as possible, as we are completely free and available to them. Ultimately, our goal is to help as many businesses as we can to become more resilient.

About the Author

Shauli Zacks is a content editor at SafetyDetectives. He has worked in the tech industry for over a decade as a writer and journalist. Shauli has interviewed executives from more than 350 companies to hear their stories, advice, and insights on industry trends. As a writer, he has conducted in-depth reviews and comparisons of VPNs, antivirus software, and parental control apps, offering advice both online and offline on which apps are best based on users' needs.

Shauli began his career as a journalist for his college newspaper, breaking stories about sports and campus news. After a brief stint in the online gaming industry, he joined a high-tech company and discovered his passion for online security. Leveraging his journalistic training, he researched not only his company’s software but also its competitors, gaining a unique perspective on what truly sets products apart.

He joined SafetyDetectives during the COVID years, finding that it allows him to combine his professional passions without being confined to focusing on a single product. This role provides him with the flexibility and freedom he craves, while helping others stay safe online.