Our latest guest on Ten2Two’s Talking SME podcast is Gary Swanwick, Co-founder and Managing Director at Epoq IT. In this episode ‘Cyber Security – why simple anti-virus software is no longer enough’, we discuss the practical steps that business owners can take in terms of cyber security. We also talk about why simple antivirus software is no longer enough to protect your business, and the impact of remote working on cyber security.
A bit about Gary
Gary Swanwick is co-founder and managing director of managed services provider Epoq IT, which is based in High Wycombe.
Gary has over 20 years’ experience in the IT industry advising corporate and SME clients and is a winner of the Buckinghamshire Entrepreneur of the year award.
‘Cyber Security – why simple anti-virus software is no longer enough’ is just one of in our series of podcasts where we talk about a wide range of topics. We talk with business experts, and also offer broad insights to help SMEs become more successful.
Don’t forget to check out our other Talking SME Podcasts here.
Click the link below to download your copy of Epoq IT’s
This eBook outlines the main challenges that SMEs face when you’re running a part-remote, part-office-based working structure long-term, and looks at the cyber security initiatives you can put in place to reduce risk and protect your people.
Discover how to:
- Secure all your employees devices
- Update your policies for hybrid working
- Ensure your employees are cyber aware
- Respond to a cyber security breach
Jane O’Gorman (00:03):
Hello, and welcome to talking SME our quick fire chat with business leaders. I’m Jane O’Gorman director of Ten2Two experts in flexible recruitment and consulting. And today I’m very pleased to welcome Gary Swanwick founder and MD of EPOQ IT. Hi Gary.
Gary Swanwick (00:25):
Hi Jane. How are you?
Jane O’Gorman (00:27):
I’m very well, thank you and you?
Gary Swanwick (00:28):
Good. Yeah. Good. Thank you.
Jane O’Gorman (00:30):
Great. Thanks for joining me today. Gary, you co-founded, EPOQ IT in 2002 when you were in your early twenties. So a young business leader, what did you set out to achieve and what does the name EPOQ IT signify?
Gary Swanwick (00:49):
Good question – I was quite young and you know, it’s the old adage of, if I knew then what I know now. But, quite clearly I wanted to set out and achieve a real focus on the right outcome for clients, is the easiest way to put it. I was always fairly entrepreneurial at school. I had a bit of a side hustle, in terms of I had a job and a bit of a side hustle fixing people’s computers, and that was kind of business computers as well and networks. There wasn’t really a gap, but I guess really it was making sure the outcome for the client was business related.
Gary Swanwick (01:45):
It hit their business objectives. And that’s something that I think, a lot of IT companies miss even now is that they’re very technically led where it always has to start with the business objective. And that really is what I set out to achieve. I had a very basic business plan. I think if I had to go back in time, I’d make that a bit more comprehensive and really think about the end goal in a lot more detail then work back. But I think I was just eager to get up and running, and be my own boss at the time.
Gary Swanwick (02:22):
So I think, in answer to your question of what did I want to achieve? I wanted the best outcome for the clients, but also I wanted to manage my own time. And that was pretty clear. But I’ve always wanted to probably create something, I think if I had to go back in time though, I would take more time thinking about the end goal and obviously working that back to get the results I wanted. But that did come, it just took a bit longer.
Jane O’Gorman (02:59):
Sure, and the name?
Gary Swanwick (03:01):
The name EPOQ. Well, actually it’s epoch is new era.
Jane O’Gorman (03:05):
Gary Swanwick (03:06):
Actually I worked for a company with a fairly uninspiring name, their business name was around the initials of the directors that founded the business. They actually told me that it was the worst mistake they made around the brand. So I knew I needed a name that was different and kind of stuck out and one evening actually, I think it was me and the co-founder at the time and an evening of going through the dictionary and actually epoch stood out, as an apt name for us. But it’s epoch and we had to change it to the ‘Q’ just to be a bit more techie. That was the idea.
Jane O’Gorman (03:57):
It works – new era, new change. And interestingly, I guess, change is part of life and part of business growth. But I think the speed of change since March 20 has been unprecedented, for all of us. Having been through the first phase of lockdown and then dealing with the second, what differences do you feel have emerged during the second lockdown versus the original, and how do you feel it’s affected you and the people you work with Gary?
Gary Swanwick (04:34):
I think the clear difference that I saw in other people, which I think I’d probably already experienced in life, but I think a lot of people suddenly saw the value of time. Because I think the first lockdown came fairly unexpected and kind of stole that time away from them, first time in their life that, they had to look at their lives a little bit differently and how they were spending their time. But then I think the real difference between the first lockdown and the second lockdown and the third lockdown, and however many lockdowns we’ve had, is that it’s been a little bit of a shift to the new normal. I know that that’s something that is, said quite a lot, new normal, and what does it actually mean?
Gary Swanwick (05:30):
But I think that was driven from obviously people’s value that they then started putting on time. It also, on the flip side too, the second lockdown was slightly harder because businesses were starting to get back, starting to see the green shoots. And then obviously a lot, depending on what industry you’re in, but a lot of confidence was hit, and some significant cash flow issues, I think in lockdown maybe two and later in the year that they hadn’t seen in lockdown one where they managed to weather the storm. But you can only weather that for so long.
Jane O’Gorman (06:09):
Yeah. Possibly not thinking it would be as long as it has.
Gary Swanwick (06:15):
Yeah. Everyone thought by the end of summer everyone would be back to normal. That’s what I mean, we started going into a new normal, how does that look for the future, and forever.
Jane O’Gorman (06:30):
Indeed, indeed. Do you think having, and you touched on that when we talked about setting up the business, but do you think having an entrepreneurial mindset is a bonus in times of uncertainty?
Gary Swanwick (06:44):
Yeah, of course it is. Of course it is because I think the entrepreneur is, ‘A’ always on the side of looking for an opportunity. So whatever, the journey of an entrepreneur, is always to expect the unexpected. So whether it’s the economy or, any kind of external factors, COVID was just one of those kind of external factors that you’ve got to deal with. But entrepreneurs also, you’ve got to have the mindset of, resilience. How can you always be prepared for the unexpected? And that is part of it. That is part of the journey. I think you’ve just got to be able to respond in a crisis, and spot the opportunity. That’s it really.
Jane O’Gorman (07:43):
Excellent. And you touched on the new normal, what does normal now mean at EPOQ IT and for your customers Gary?
Gary Swanwick (07:55):
Yeah, I think from some of the clients, what we’re seeing is a lot of clients are now planning to reduce their office space. They’re quite vocal about it, definitely, and they’re building it into their plans because they’ve realised that they can work remotely. I also think pre COVID there was a lack of trust, depending on the culture of the business, some had a lack of trust of people working remotely, for some reason they couldn’t find, what the solution was to that. And I don’t really know why, there’s accountability and it’s your systems and everything else. But I think, that’s kind of the new normal, I guess is people are moving to a, maybe more hybrid working model. So here at EPOQ, we’ve had people working remotely, I don’t think that is gonna change quickly.
Gary Swanwick (09:07):
We’ve probably changed and we’re a bit more flexible with our working, just because of what I said before. Actually everyone’s valuing their time a lot more so there’s an emphasis on work-life balance. Which there always is, but I think that that’s probably been fuelled a bit more.
I think there’s a lot of talk about moving to this kind of hybrid model of two days in the office or three days, three days remote. Personally, this is only my opinion. But I think that will be a novelty. I say that just because I think businesses, once things do return and the economy picks up businesses have a fairly short memory, I think they will also have experienced maybe culture issues during COVID. Cause it’s very hard when you have a remote workforce, how do you instill the culture that you want in a business? How can you be as productive as possible? I personally, don’t believe that you can do it solely by being, remote. You do need a place of business. You do need, people in the office, depending on what industry you’re in as well.
Jane O’Gorman (10:26):
Yeah. And that takes us back to that kind of the hybrid working that, it’s obviously something that from us as an organization and you touched on a lot of topics that we often discuss in terms of remote working or trust and the value of time. But again, it’s coming back to this topic of the new era and hybrid working, and how things may change going forward. But, what do you think that means for, people and processes, particularly given your area of expertise Gary, if we were to consider, say cyber security issues and cyber crime.
Gary Swanwick (11:06):
I think it needs a, it definitely needs a mindset shift. How you look at your systems and processes, like you say, how do you keep control of the technology when it’s not in your kind of place of business, if you like. But also you’ve got the human firewall element. That is so critical in the kind of the security of your data, you could put in all the layers of technology that you like, but you still have to educate and train and make your people aware of the threats. Otherwise they could just unlock that.
It’s a bit like having a house and you can invest in all of the CCTV and alarms. But actually if the human doesn’t switch the alarm on and, leaves the back door unlocked, then it’s a pointless exercise. So it’s about getting your people educated as much as it is anything else. So I don’t know if that really answers the question.
Jane O’Gorman (12:14):
I think it is a very good point, but it’s interesting also in terms of understanding what that education looks like and whether it’s different now, because obviously the other elements to be more mindful of when we are dealing in a hybrid structure where, perhaps within a building and an office space there are certain things to be mindful of does that translate and transfer to remote working too, or will there be more involved, in the education of how we’re going to manage that going forward?
Gary Swanwick (12:51):
Yeah. I think you have to approach it differently. And there are solutions now to train new people and, there are cybersecurity awareness kind of training, where you can train your people remotely and, make sure that you’re monitoring phishing emails. I would highly recommend that all businesses test their staff and send out a dummy phishing email and see who responds and who needs the training.
It’s all about prevention rather than cure. And that’s, that is the challenge when you’re remote and you’ve got people using their own laptops potentially and their own mobile phones, but they’re connecting back into your infrastructure. You need to, be aware of what these devices are, and how they’re connecting into your data.
Gary Swanwick (13:48):
I think the message also is simple antivirus software is not enough anymore. That is not it. There’s a two pronged attack to this as in, you need to invest appropriately, in the right technologies, but you also need to educate your people, make them very aware of what’s going on. And I think that has to develop for remote workers and then, how you do that is fairly simple because the technology is there, you’ve got to use the technology to enable your business to work remotely. That’s it in a nutshell.
Jane O’Gorman (14:36):
Good point. So practically speaking, Gary, what can SME business owners do today to ensure that they aren’t soft targets for cyber criminals.
Gary Swanwick (14:51):
Practically? I mean, there’s lots of practical things that they can do. I think first one I would say is go investigate cyber essential scheme. It’s a government run scheme, ‘A’ it’s good for peace of mind for the business owner and the management team that they’ve got, the right infrastructure, that’s fit for today’s world. But also, they can show it to their clients to make sure, to give their clients peace of mind that they’re dealing with a business that takes this seriously.
And it’s not an expensive exercise either, and it does the basics of cyber security, but it also shows the world that your business is taking it seriously. I think another real practical step is just a basic gap analysis of what you’re doing at the moment. You could get, maybe get an external person or organization to do that for you, and just give you a real, thorough and expert opinion on what you’re doing. Your processes, how you’re using them, your people. It has to be fit for your business as well.
Jane O’Gorman (16:15):
Gary Swanwick (16:15):
And then also, a simple business continuity plan. So, if you think, the stat is something like 63 to 65% of SMEs have had a breach of some description. I think just simply having a plan on your business continuity or a disaster recovery plan is just a simple way to, start thinking backwards. Actually I’ll go back to the first question, something that I didn’t do when I started the business enough was think of the end goal and work back, but actually the same applies here. What is your plan?
If, I’d say the worst happens, but the inevitable really, I think if you’re not preparing for it, you will suffer a breach as the modern world evolves. This will become more prevalent, but actually there’s lots of free advice as well and free policies and some things on the internet, including actually, this is sorry, apologies, but a plug to our website. If you go to the EPOQ website there’s a free resources section where you can download a template or FAQ’s that might help you in your business. So it doesn’t have to be expensive. Just the practical things, can be free, but spending the time to think about it in a bit more detail.
Jane O’Gorman (17:49):
Yeah. That’s really helpful. Some useful tips there and as you say, not necessarily costly, but giving the time up to do it. And actually those percentages in terms of your, 63, 65% of SMEs, that’s quite a high percentage. And going back again to what you said earlier about prevention rather than cure, maybe just giving a little bit of time and thought to this could really help make a difference.
Gary Swanwick (18:18):
It needs to be an agenda item on your board meetings or your senior management team meetings, it has to be an agenda item on there now, before it’s too late really, you don’t want to be backpedaling when you’ve got a breach and we see them.
We’re an IT services business and there’s no, you haven’t got a hundred percent guarantee against a breach. So part of our business is, how do you respond when there’s a breach, you’ve got to prevent it, but inevitably you can’t prevent everything. And how do you respond and how do you get back up and running and how do you prevent that causing a disruption to your business in terms of lost revenues, but also reputation as well. There is a reputation to keep up, especially now, with essentials, if you can get, that’s what I mean, it makes you look like you’re taking it a little bit more seriously than, perhaps somebody that hasn’t got it.
Jane O’Gorman (19:25):
Yeah. It’s a really good point. Definitely. And as you say a big area and good advice to have that on the agenda Gary as well. If you could leave one piece of advice or tip, for listeners what would it be Gary?
Gary Swanwick (19:41):
Around cyber security, it would definitely be take the time to educate yourself and your team on the threats and do a gap analysis. I think that is the simple one. Just to take it more seriously. Like I say have it as an agenda item. That’s the single thing that you could do to make a step forward, is just to take it seriously before. A lot of businesses take it seriously after the event. Just make sure you’re not one of those.
Jane O’Gorman (20:20):
Yeah. I think that’s really helpful advice. Hopefully, there’ll be a few of the listeners out there who might not have done so yet, who will be thinking about that and the value that could bring. So thank you so much for joining me today, Gary and for this valuable chat, it’s been a pleasure talking to you.
Gary Swanwick (20:42):
Well, thank you for the time and the opportunity.
Jane O’Gorman (20:45):
My pleasure and to our listeners, I hope you enjoyed our talking SME. Look out for future episodes coming soon from Ten2Two, experts on flexible recruitment and consulting.