As a founding partner and board member of the Cyber Resilience Centre for Wales (WCRC), Monmouthshire Building Society (MBS) is an active collaborator in providing support and guidance to Welsh businesses in the fight against cybercrime. This allegiance, along with the centre’s other partnerships, has allowed the WCRC to work with impactful organisations all of which are committed to creating a safer economic landscape for Wales.
Here, WCRC Director, Detective Superintendent Paul Peters, speaks to Robert Howell, Head of IT at Monmouthshire Building Society to find out why the organisation chose to be involved in the centre’s work, the impact this has on its own customers and its commitment to driving awareness of better cyber security across the Welsh business community.
PP: What was the driving force for Monmouthshire Building Society to become a founding member of the WCRC?
RH: At Monmouthshire Building Society, our commitment to the members we serve is at the heart of everything we do. The decision to become a founding member of the WCRC stemmed from our recognition of the growing threat that cybercrime poses to businesses and individuals alike. As a financial institution, we understand the critical importance of safeguarding sensitive information and ensuring that our customers can trust us with their finances.
By joining forces with the WCRC, we aimed to proactively address these threats by contributing to a wider effort that supports the resilience of not only our own operations but also those of the broader business community in Wales. We believe that by collaborating with other organisations and sharing best practices, we can help to create a more secure and resilient digital landscape. The driving force behind our involvement was, and continues to be, our dedication to protecting our customers and the communities we operate in, ensuring that we’re all better prepared to face the challenges of the digital age.
PP: Do you feel that you’re able to offer your business customers something extra as part of the service you provide in regards to cyber security guidance and working alongside the WCRC?
RH: Absolutely. Partnering with the WCRC allows us to offer our business customers an enhanced level of service when it comes to cyber security. Beyond the traditional financial services we provide, we’re now in a position to offer expert guidance and resources through the WCRC, that help our customers better understand and mitigate the risks associated with cyber threats.
The WCRC can offer access to tailored advice, regular updates on emerging threats, and practical tools that can strengthen their cyber defences. This partnership is particularly valuable for small and medium-sized enterprises, which may not have the resources to dedicate to a full-time cyber security team. By leveraging the expertise and resources of the WCRC, we can provide these businesses with the knowledge and support they need to stay ahead of cybercriminals. This is a significant value-add that goes beyond our core offerings and underscores our commitment to the long-term success and security of our members.
PP: When you speak to your business customers, how concerned are they about cybercrime and is being cyber resilient a priority for them?
RH: Cybercrime is a significant concern for many of our business customers, particularly in today’s digital environment where threats are constantly evolving. In my conversations with them, it’s clear that there is a growing awareness of the importance of being cyber resilient, though the level of concern can vary depending on the size of the business and the sector they operate in.
For larger businesses, cyber resilience is often a top priority, with dedicated resources allocated to ensure their systems are secure. However, smaller businesses, while increasingly aware of the risks, may still struggle to prioritise cyber security due to resource constraints. They recognise the potential impact of a cyber-attack but sometimes feel overwhelmed by the technical aspects of implementing robust defences.
This is where the role of the WCRC becomes crucial. The centre works to bridge that gap, providing these businesses with accessible, straightforward guidance and support to help them enhance their cyber resilience. Through our partnership with the WCRC, we can also reassure them that they are not alone in facing these challenges and that there are resources and support systems in place to help them navigate this complex landscape.
PP: How much awareness is there about the devastating impact a cyber-attack can have on a business, no matter how big or small?
RH: Awareness of the devastating impact of cyber-attacks is definitely growing, but there’s still work to be done, especially among smaller businesses. Larger organisations are often well-aware of the risks, as they’ve either experienced incidents first-hand or seen peers in their industry fall victim to attacks. For these businesses, cyber-attacks can lead to significant financial loss, reputational damage, and operational disruption, and they understand the importance of investing in strong cyber defences.
However, smaller businesses, while increasingly aware, may not always fully grasp the potential severity of a cyber incident. They might think they’re too small to be targeted or that the impact won’t be as severe. Unfortunately, this is a misconception, as cybercriminals often see smaller businesses as easy targets due to their perceived lack of robust security measures.
The reality is that a cyber-attack can be just as devastating for a small business as it can be for a large corporation. It can lead to data breaches, loss of customer trust, legal liabilities, and in some cases, it can even force a business to close its doors. That’s why we’re focused on raising awareness and providing the necessary tools and knowledge to all our customers, regardless of their size, to help them understand and mitigate these risks.
PP: What support do you give business customers when it comes to cyber security?
RH: We offer a range of support to our business customers in the area of cyber security. First and foremost, we provide education and awareness through regular communications, such as newsletters, webinars, and workshops that focus on the latest threats and best practices. These resources are designed to keep our customers informed and equipped to handle the evolving landscape of cyber risks.
Additionally, through our partnership with the WCRC, we can offer more specialised support. This includes access to expert guidance tailored to the specific needs of their business, as well as practical tools and resources that they can implement to enhance their cyber defences.
For businesses that need more in-depth assistance, we also facilitate connections with cyber security professionals who can conduct assessments, provide recommendations, and even help with the implementation of advanced security measures. Our goal is to ensure that our members have the knowledge and resources they need to protect their business from cyber threats, no matter their size or industry.
PP: What three recommendations would you make for small business owners to build and maintain their cyber defences?
RH: Building and maintaining strong cyber defences is crucial for small business owners, and I would recommend focusing on three key areas:
Invest in Basic Cyber Hygiene: Start with the basics, such as ensuring that all software is up to date, using strong, unique passwords for all accounts, and implementing two-factor authentication wherever possible. These simple steps can go a long way in protecting your business from common threats like phishing attacks or ransomware.
Educate and Train Your Team: Human error is one of the leading causes of cyber breaches, so it’s important to educate your staff about cyber security best practices. Regular training sessions on recognising phishing emails, securing sensitive information, and understanding the importance of following security protocols can significantly reduce the risk of a successful attack.
Develop a Response Plan: Even with the best defences in place, it’s important to be prepared for the possibility of a breach. Develop a cyber incident response plan that outlines the steps your business will take in the event of an attack. This should include procedures for containing the breach, communicating with stakeholders, and recovering lost data. Having a plan in place can help minimise damage and ensure a quicker recovery.
These recommendations are foundational, but they can make a significant difference in protecting a small business from the potentially devastating impact of a cyber-attack.
If you’re not already part of the WCRC membership community, join for FREE today! We provide national guidance, resources, regular cyber updates and member-only content along with access to a range of affordable services, all designed to support small businesses, charities and other third sector organisations to become more aware and better protected against online risks.
Comments