THE POLICE DIGITAL SECURITY CENTRE

Reducing the vulnerability of organisations to cyber crime and fraud – visit www.policedsc.com

2

The challenge we face…

Our HistoryIn 2015, the Mayor’s Office for Policing and Crime (MoPAC) established the London Digital Security Centre (LDSC) to help Small and Medium Sized Enterprises (SMEs) across the capital reduce their vulnerability to cyber crime. In 2018, LDSC was taken over by Police Crime Prevention Initiatives (PCPI) and given a national focus, becoming the Police Digital Security Centre (PDSC).

The relationship with PCPI, who have been hugely successful in supporting police forces reduce crime since 1989, adds credibility to our work and provides access to a range of tried and trusted methods that increase the scope and reach of our activities. Building on the success of the ‘Secured by Design’ brand and the experience gathered by PCPI over the past 30 years, PDSC is uniquely placed to deliver a joined-up and consistent approach to tackling cyber crime across the whole of the UK.

Our MissionOur Mission is simple – we aim to reduce the vulnerability of organisations to cyber crime and fraud.

We achieve this by raising awareness about the importance of digital security, showing organisations across the country how taking a few simple steps can prevent the overwhelming majority of cyber crime.

All our advice and guidance is consistent with information published by the National Cyber Security Centre (NCSC).

To find out more about how we can help you, please contact us on 0208 0160 999 or visit our website: www.policedsc.com

About the PDSC

Cyber crime and fraud are a growing threat to UK organisations. According to recent figures published by the Department for Digital, Culture, Media and Sport (DCMS), 32% of organisations have suffered at least one cyber attack or breach within the past 12 months. Yet the good news is that the overwhelming majority of cyber crime can be prevented by taking a few simple steps.At the Police Digital Security Centre (PDSC), we believe that protecting organisations from the most common types of attack or breach shouldn’t be difficult or expensive. We’re a not-for-profit organisation focused on helping Small and Medium Sized Enterprises (SMEs) reduce their vulnerability to cyber crime. We do this by showing organisations where they are at risk of an attack or breach so that they can make informed decisions about their security posture.

3

IncomeAs a not-for-profit organisation, all of our income is directly reinvested into activities that are focused on reducing crime. We receive the majority of our funding through the certification schemes, but also through sponsorship of our ‘In The Community’ Events.

OversightThe work of PDSC is overseen by a Governance Board to manage the work of the Centre in delivering against our strategic priorities. We also have an Advisory Board which is drawn from representatives across policing and leading technology companies to help us prioritise our work.

Our collaboration with the British Standards Institution (BSI)Trust is at the heart of what we do. SMEs want to know that when they buy products or services from digital security providers, they are buying from someone they can trust. Equally, SMEs want to demonstrate to their customers that they can be trusted with their data. That’s why PDSC has collaborated with BSI to deliver our two new Digital Security Certification schemes. The combination of two well-known and trusted brands will help raise digital security standards in support of the Government’s ambition of making the UK one of the safest places to do business online.

Our WorkThe work of the Centre is organised into five strategic priorities.

Our FIVE Strategic PrioritiesWe will:

1 Develop a network of Regional Digital Security Centres to support a truly joined-up and consistent response to cyber crime across England and Wales

2 Establish a police-backed Digital Security Provider Certification Scheme to provide consumers with a list of trusted organisations to meet their individual security needs

3 Enable organisations demonstrate they have taken the necessary steps to improve their security posture through our Digitally Aware and Digitally Resilient Schemes

4 Help organisations who lack support in dealing with the most common types of cyber crime by providing impartial advice and guidance through our In The Community outreach programme

5 Deliver a range of accredited Cyber Security Training Courses through the Police Crime Prevention Academy

The British Standards Institution (BSI)BSI is a global leader in shaping, sharing, embedding, assessing and supporting best practice. In the field of digital security, BSI pioneered the development of international standards for information security, and plays a prominent global role in assuring compliance with best practice. Furthermore, BSI’s cybersecurity capability is extensive, being approved by the National Cyber Security Centre and accredited by the Council for Registered Ethical Security Testers, performing consulting, testing, certification and assessment services in this field globally.

BSI was formed in 1901 and awarded a Royal Charter in 1929, laying out BSIs principle aims:

promoting trade - by developing common industrial standards;

reducing waste - by simplifying production and distribution;

protecting the consumer - through the use of licensed marks to identify conformity to standards.

The Royal Charter and BSIs not-for-distributed profit business model, combined with its digital security skills and global involvement with standards and best practice, combine well with the goals and aims of the PDSC to form a strong collaboration.

4

1 Regional Delivery

2 Digital Security Provider Certification

Building on the success of the London Digital Security Centre, a key deliverable for PDSC is to roll out Regional Digital Security Centres across the rest of the country. These Centres will complement existing collaboration efforts between the police and other stakeholders, ensuring consistent advice across the whole of the UK, but tailored to local issues and needs.

Each Centre will become the focal point in the region for digital security advice. PDSC will ensure alignment with other regions, share best practice, monitor performance and champion the work of each Centre at a national level.

Introduction According to recent figures published by the Department for Digital, Culture, Media and Sport (DCMS), the cyber security market in the UK has grown by over 50% in the last five years, generating almost £6 billion of revenue. However, this rapid growth means that it can often be confusing for consumers to find a digital security provider who they can trust to deliver a product or service that meets their needs.

Certified Digital Security Provider™ PDSC, in collaboration with the British Standards Institution (BSI) have developed a new certification scheme for Digital Security Providers. The new scheme is aimed specifically at organisations offering:

Digital Security Products Digital Security Services Digital Security Consultancy

Successful companies who achieve certification will be awarded Secured by Design ‘Police Preferred Specification’ for 12 months.

The Secured by Design logo and title ‘Police Preferred Specification’ indicates that an organisation or a product meets the high standards set by Secured by Design and BSI. Usage of the logo is restricted exclusively to those products that have successfully tested to these requirements.

The PDSC website contains a list of all Digital Security Providers. Visit: www.policedsc.com.

In addition, each Centre will: Provide access to a list of certified Digital Security Providers which will support local organisations improve their security posture

Help police forces encourage local organisations to test their resilience against an attack or breach and become certified ‘Digitally Aware’ or ‘Digitally Resilient’ companies

Deliver accredited cyber crime courses through the Police Crime Prevention Academy

Coordinate and increase the scope of other related police and Government initiatives, ensuring a truly joined-up and consistent approach across the whole of the UK

Collect and publish data on local cyber crime trends, which will help organisations make informed decisions about their security posture

Working in Partnership across the UK

5

3 Digitally Aware™ and Digitally Resilient™ Certification

Introduction To support SMEs in reducing their vulnerability to cyber crime, PDSC and the British Standards Institution (BSI) have developed a new certification scheme which will help SMEs promote the fact that they take their digital and cyber security seriously. The scheme is intended to increase demand for the Government’s CE and CE+ certifications.

Digitally Aware™ CertificateOur entry-level certificate is aimed at organisations with the lowest risk of cyber crime. To obtain a Police/BSI Certificate, applicants will need to successfully complete an online questionnaire that is based on the National Cyber Security Centre’s (NCSC) ‘Small Business Guide’.

Organisations will also receive a tailored report of their current security posture with clear recommendations for where they can improve.

The certificate costs £50 and is valid for 12 months. 100% of the fee is directly reinvested back into our crime prevention activities.

Digitally Resilient™ CertificateOur second certificate is aimed at those organisations with a higher risk of cyber crime. Assessment will be carried out through BSI. Successful applicants will need to show that they have implemented security measures that are appropriate to their level of risk.

Digitally Aware™ and Digitally Resilient™ – the Cyber Security Journey

SIZE OF ORGANISATION

NUMBER OF

ORGANISATIO

NS

DIGITALLY AWARE ™

CYBER ESSENTIALS

CYBER ESSENTIALS +

DIGITALLY RESILIENT ™RIS

K L

EV

EL

/ DAT

A S

EC

UR

ITY

6

Taking Cyber Security to the High Street…Cyber crime is one of the fastest growing threats to organisations in the UK, yet many of them fail to recognise the value of the information they hold or how they are vulnerable. To help organisations protect themselves, PDSC runs a series of award-winning ‘In The Community’ events where we visit local organisations and provide simple advice about cyber crime. We do this by working alongside local police forces, Business Improvement Districts (BIDs), Chambers of Commerce, Professional bodies and others. We also run Breakfast seminars, cyber security clinics and practical workshops to help organisations improve their security.

Seminars Our digital security seminars are typically 1-2 hour interactive sessions delivered by a member of the PDSC team. The content of each seminar is driven by local need and could include a general overview of digital security issues or a more focused discussion about a specific problem, such as how to prevent an organisation being affected by ransomware.

ClinicsThe clinics are there for organisations to ask PDSC any questions relating to their security posture. Conversations are confidential and enable organisations to understand what security means to them. These are drop-in sessions allowing staff to stop by and have a chat whenever they are free during the day.

4 Our Award-Winning* ‘In The Community’ Programme

* LDSC was awarded ‘Best SME Focused Cyber Security Initiative – South East England 2019’ by Acquisition International for our ‘In The Community’ programme.

7

5 Training

Introduction PDSC delivers a number of accredited courses through the Police Crime Prevention Academy, part of PCPI. The Academy is an approved centre for the awarding body Pro Qual, and is able to deliver OfQual qualifications.

Accredited training is a key part of PDSCs work and we are currently offering the following approved Pro Qual qualifications through the Police Crime Prevention Academy:

Level 2 Award in Protecting Your Business Against Cyber Crime and Fraud

Level 3 Award in Cyber Security Leadership

Level 3 Award in Dealing with a Cyber Attack or Breach

In addition to our formal training qualifications, we also design and deliver bespoke training courses tailored to meet the needs of organisations. These range from 1 hour information sessions to day-long courses.

CASE STUDYIn November 2018, PDSC was approached by an SME in the South of England to design and deliver a bespoke training course for over 100 of their staff. The SME was particularly concerned about the impact of a cyber attack and wanted to make sure their staff were able to spot suspicious activity.PDSC worked with the SME to develop a series of short, interactive courses that would help improve the knowledge of their staff in identifying the most common types of cyber crime.

Several weeks after the course, an employee who had attended the training, received an email from a supplier asking for an invoice to be paid. The employee felt the email looked different to normal and phoned the supplier to confirm that they had sent it. The supplier immediately realised that their systems had been hacked. By looking carefully at the email, the employee saved the organisation tens of thousands of pounds.

Police Digital Security Centre 1st Floor10 Victoria StreetLondon SW1H 0NN

Tel: 0208 0160 999Email: contact@policedsc.comWeb: www.policedsc.com

PDSCP0619

Reducing the vulnerability of organisations to cyber crime and fraud – visit www.policedsc.com