Our Trusted Partners are an integral part of the ECRC, being able to accredit cyber essentials. But here is a little more information about the people behind the partner.
Tell me who you are and what you do within PGI?
I’m Olly Jones, Senior Cyber Security Consultant at PGI – I’m not a technical person, as such, so my role is primarily around helping organisations understand the threats they are up against. I talk to our clients about what the threats are and how to mitigate them – quite often, I do this via training, so I’m an NCSC-Certified trainer. I also work with our international team, with a focus on cyber capacity building – essentially, we’re helping others build up their cyber resilience skills.
How did you get into cyber resilience?
I started as an analyst at the Serious Organised Crime Agency, now the National Crime Agency, and then moved on to GCHQ where I worked in a multi-agency team helping to establish and develop a new innovative cyber assessment centre in advance of the establishment of the NCSC.
What’s the best thing about working at PGI?
The sheer breadth of the work I get to do, particularly the companies I am lucky enough to work with – across all sectors and internationally.
What size companies do you work with?
From SMEs right up to multi-country organisations – I’ve worked with small businesses who have five staff and I’ve run training sessions in organisations where they have more than 5,000 staff, training both executive leadership and the wider workforce to understand what cyber threats are out there and the best ways to manage them.
What do you see small/medium companies struggling with in terms of cyber resilience?
It really is about understanding the risks, so they know how to manage them. For example, phishing is still a major entry point for criminals—whether that’s for a Business Email Compromise scam or to install ransomware—so making sure everyone in the organisation (even if there are only five of you) knows what to look for is vital. Also, the amount of information available about mitigating cyber threats is likely to be overwhelming and if you don’t know where to start, you’ll either end up spending a lot of money you don’t need to or you’ll avoid doing anything at all; of course, while the digital world is all 1s and 0s, the human element needs to be in in balance with the technological side if you want to successfully keep your business secure and resilient.
Why should companies get Cyber Essentials accreditation?
Well, you have to start somewhere and Cyber Essentials is a great scheme as a first step. The five areas that Cyber Essentials focus on, are more or less the basic points you need to cover for filtering out the low-hanging fruit that criminals will initially aim for. Much like putting on some kind of body protection and a helmet when you go mountain biking.
What three tips would you give a company with little knowledge of cyber resilience?
Get Cyber Essentials so you can tick off the basic defences
Make sure your teams have had cyber awareness training so they know what to look for
Know what data you hold – you may not think you have anything to offer a criminal, but you’d be very surprised.
Tea or Coffee?
The day hasn’t started without a coffee.
If you were a super hero, what powers would you have and why?
Teleportation – I could skip traffic and travel all over the world without having to sit still for hours!
