Developing police-led cyber resilience services for business across the North East
Supt. Rebecca Chapman joined the police force in the 1990s, becoming Superintendent in 2017. Using experience gained across a variety of departments within the force, she established the NEBRC - a not-for-profit police led organisation which specialises in providing free cyber security advice to SMEs.
I joined South Yorkshire Police in 1993 following a stint in retail management at Topshop and River Island.
Looking back, it was a very different world to the one we occupy today. For a start, the police kit then was minimal. As a women PC I was issued with a skirt, a short wooden truncheon, a stocking allowance and white shirt (with no pocket). I think it’s fair to say that women PC’s were pigeon-holed at that time, and more often than not given the sexual assaults, rapes, child offences or child-minding jobs. And reports were still produced on the old-fashioned typewriters – the sort that needed every key bashing just to get any impression.
Communication was reliant on the standard issue analogue radios – the reliable mass-produced mobile phones were still a few years away, as indeed was sat nav – so finding an address was based on local knowledge and a good old-fashioned map.
Like most industries technology has revolutionised policing; first with the advent of pagers, then mobiles and smart phones, followed by laptops and more recently mobile digital forensic labs. But with technology comes risk and whatever advances the police make, when it comes to technology you can be sure the criminals are working just as hard to try and stay one step ahead.
My police career followed a pretty traditional path to start with. After my probation I spent several years in uniform at district level: in custody, policy, legal services, firearms command and a few CID departments on the way. I was promoted in 2000 to Sergeant, moving up the ranks to become a Superintendent in 2017.
As a previous Director of Intelligence, I had cyber, digital forensics and economic crime in my portfolio, among other disciplines in my remit. The realisation for me at that time was that this presented the biggest threat to the public and the bottom line was that we needed more resources and a restructure.
As a result, I took on a new role which led on collaboration across seven NE forces: Northumbria, Cleveland, Durham, the Yorkshire forces and Humberside, allowing best practice to be shared thus saving time, resources and budget. And it was at this time that I was introduced to the Scottish Business Resilience Centre which essentially handled all business crime for Scottish Police.
Armed with knowledge and best practice from the SBRC, I secured national support from the Police Cybercrime Programme and set up the North East Business Resilience Centre (NEBRC) in November 2019. This unique nexus between police, academia and corporate business works to provide affordable cyber security advice to businesses across the region, including micro and sole traders. Today, as an organisation, the NEBRC provides services delivered by university under graduates and those at the forefront of learning and evolving technology to provide businesses with talented and informed ‘ethical hackers’ while also providing the students with relevant work experience to further their studies and careers.
The services offered of our members are effective, affordable and detailed, assessing the risk factors from online threats. Our team work to provide detailed written feedback with an action plan and the opportunity to continue the journey with a ‘trusted partner’ an IT / Cyber Security specialists, recommended by the Centre, to provide support and guidance in cyber resilient planning and management.
So, nearly 30 years after first putting on the rather unforgiving police uniform, I am providing cyber and fraud security advice for businesses and the larger public that focuses unashamedly on prevention.
The threat landscape has changed hugely since 1993 with the largest and most expensive crimes now taking place online. These include ransomware by phishing or social engineering: really simple tools that target the human rather than the machine.
There are areas that businesses can improve quickly and cheaply to protect and prepare themselves against attack. We work closely with the National Cyber Security Centre (NCSC), part of GCHQ, to help businesses to cut through the complicated and often complex jargon surrounding cyber security to help educate and implement strategies to help prevent online business crime and fraud.
We often use the analogy that you wouldn’t go out and leave your door open, so why do you leave your online systems open – and why don’t your staff know to protect the system? You are as likely to get attacked as a small business or sole trader as a large organisation – attackers don’t discriminate. The statistics show that 4 in 10 business have faced some form of breach last year, leading to a £2.4billion cost to the UK.
Anyone who has a digital element to their business from a diary, a payment system, a website or a whole automated process requires protection requires online protection. Don’t think it can’t happen to your business – it can, but you can protect yourself easily and prepare for recovery especially with help from one of the local cyber resilience centres.
This is a guest blog which contains the views of the author and does not necessarily represent the views of the IoD.