OFFRE D'UNE DURÉE LIMITÉE. Obtenez 3 mois à 0,99 $/mois. Profiter de l'offre.
Page de couverture de The Small Business Cyber Security Guy | UK Cybersecurity for SMB & Startups

The Small Business Cyber Security Guy | UK Cybersecurity for SMB & Startups

The Small Business Cyber Security Guy | UK Cybersecurity for SMB & Startups

Auteur(s): The Small Business Cyber Security Guy
Écouter gratuitement

À propos de cet audio

The UK's leading small business cybersecurity podcast, helping SMEs protect against cyber threats without breaking the bank.

Join cybersecurity veterans Noel Bradford (CIO at Boutique Security First MSP) and Mauven MacLeod (ex-UK Government Cyber Analyst) as they translate enterprise-level security expertise into practical, affordable solutions for UK small businesses.

🎯 WHAT YOU'LL LEARN:

  • Cyber Essentials certification guidance
  • Protecting against ransomware & phishing attacks
  • GDPR compliance for small businesses
  • Supply chain & third-party security risks
  • Cloud security & remote work protection
  • Budget-friendly cybersecurity tools & strategies

🏆 PERFECT FOR:

  • UK small business owners (5-50 employees)
  • Startup founders & entrepreneurs
  • SME managers responsible for IT security
  • Professional services firms
  • Anyone wanting practical cyber protection advice

Every episode delivers actionable cybersecurity advice that you can implement immediately, featuring real UK case studies

The Small Business Cyber Security Guy Productions Politique Économie
Épisodes
  • Why Windows 11 25H2 Is a Quiet Security Game-Changer

    Why Windows 11 25H2 Is a Quiet Security Game-Changer
    Oct 1 2025

    Host Graham Faulkner dives into Windows 11 25H2 in this solo episode, explaining why this understated update matters for security, stability, and small-business productivity. He breaks down how 25H2 arrives as an Enablement Package (EKB), what that means if you’re already on 24H2, and why the streamlined rollout keeps disruptions to a minimum.

    The episode covers key technical and practical changes: removal of legacy components like PowerShell 2.0 and WMIC, continued performance improvements (CPU scheduling, memory management, faster startups), and expanded Wi‑Fi 7 support. Graham highlights Microsoft’s shift toward continuous monthly innovation and why that helps maintain a more secure, reliable environment without waiting for big yearly releases.

    Security is a major focus: Graham explains Microsoft’s Secure Future initiative, which brings AI-assisted secure coding and enhanced vulnerability detection into the development and post-release lifecycle. He frames these advances for small business owners, showing how better detection and automated security practices reduce risk and downtime.

    Practical deployment and lifecycle details are explained clearly: support-cycle resets (24 months for Home/Pro, 36 months for Enterprise/Education), how to get 25H2 via the “Get the Latest Updates” toggle, controlled rollouts and device holds, and enterprise deployment options like Windows AutoPatch and the Microsoft 365 Admin Center. He also covers admin-friendly improvements such as removing preinstalled Microsoft Store apps with Intune or Group Policy.

    The episode closes with hands-on advice: check the Windows Release Health Hub for known issues, back up critical machines before upgrading, verify driver and app compatibility, and prepare rollback plans for important systems. Graham adds a personal anecdote about preparing his vinyl-catalog PC for the update and stresses that 25H2 is about steady, practical improvements—safer, faster, and less disruptive for both single machines and fleets.
    Voir plus Voir moins
    10 min
  • Your 3-Year-Old's Data Is on the Dark Web Right Now: The Kido Wake-Up Call

    Your 3-Year-Old's Data Is on the Dark Web Right Now: The Kido Wake-Up Call
    Sep 30 2025
    In 40 years of Information Technology work, Noel Bradford has never been this angry. On September 25th, 2025, the Radiant ransomware gang stole personal data from 8,000 children at Kido International nurseries, posted their photos and medical records online, and then started calling parents at home to demand ransom payments. This isn't just another data breach. This is the moment cybercrime lost whatever soul it had left. In this raw, unfiltered episode, Noel breaks down exactly what happened, why the security failures that enabled this attack exist in thousands of UK small businesses right now, and what you need to do immediately to protect your organisation from becoming the NEXT headline. WARNING: This episode contains strong language and discusses disturbing tactics used by cybercriminals. Parental guidance advised. What You'll Learn The complete timeline of the Kido ransomware attack and how it unfoldedWhy hackers spent weeks inside the network before strikingThe new escalation tactic of directly contacting victims' familiesFive critical security failures that allowed 8,000 children's records to be stolenWhy "we're too small to be targeted" is the most dangerous lie in businessThe regulatory consequences Kido faces under UK GDPRImmediate action steps every small business must take NOWWhy does this attack signal a fundamental shift in cybercrime tactics Key Takeaways The Five Critical Failures Initial Access Was Preventable - Likely phishing, weak passwords, or unpatched vulnerabilitiesNo Monitoring - Weeks of dwell time with zero detectionNo Network Segmentation - Hackers accessed everything once insideNo Data Loss Prevention - 8,000 records exfiltrated without triggering alarmsInadequate Backups - No mention of restoration from clean backups New Threat Landscape Reality Ransomware gangs now directly contact victims' familiesChildren's data is being weaponised for psychological pressureMoral boundaries in cybercrime have completely dissolvedAttack tactics proven successful will be replicated by other groups Business Impact Statistics 43% of UK businesses suffered a breach in the past yearNearly 50% of primary schools reported cyber incidents60% of secondary schools experienced attacksThe education sector is particularly vulnerable Featured Experts & Sources Government & Law Enforcement: Metropolitan Police Cyber Crime UnitInformation Commissioner's Office (ICO)Jonathon Ellison, Director for National Resilience, National Cyber Security Centre Cybersecurity Experts: Rebecca Moody, Head of Data Research, ComparitechAnne Cutler, Cybersecurity Expert, Keeper SecurityMantas Sabeckis, Infosecurity Researcher, Cybernews Direct Victims: Stephen Gilbert, Parent with two children at Kido nursery Threat Actors: Radiant Ransomware Gang (claims to be Russia-based) Immediate Action Checklist Do These TODAY: Enable multi-factor authentication on ALL business accounts Check that all software is updated to the latest versions Review who has access to sensitive data Verify backups exist and are stored offline Schedule staff phishing awareness training Do These This Week: Audit your network segmentation Implement monitoring and alerting systems Review password policies across the organisation Create an incident response plan Assess cyber insurance coverage Do These This Month: Conduct a full security audit Test backup restoration procedures Implement data loss prevention tools Review vendor and third-party security Schedule penetration testing Resources Mentioned Government Resources National Cyber Security Centre: https://www.ncsc.gov.uk/Information Commissioner's Office: https://ico.org.uk/Met Police Cyber Crime Unit: https://www.met.police.uk/advice/advice-and-information/fa/fraud/online-fraud/cyber-crime/UK Cyber Security Breaches Survey: https://www.gov.uk/government/collections/cyber-security-breaches-survey Cybersecurity Companies Comparitech: https://www.comparitech.com/Keeper Security: https://www.keepersecurity.com/Cybernews: https://cybernews.com/ Legal & Compliance UK GDPR Guidance: https://ico.org.uk/for-organisations/guide-to-data-protection/Children's Data Protection: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/children-and-the-uk-gdpr/ Episode Quotes "What happened to Kido International this week represents the absolute lowest point I've witnessed in 40 years of cybersecurity." "These hackers didn't just encrypt some files and demand payment. They actively posted samples of children's profiles online. Then they started ringing parents directly." "You're not special. You're not too small. You're not immune. You're just next on the list unless you take action." "The hackers claim they 'deserve some compensation for our pentest.' Let that sink in. They're calling this a penetration test." "A child's photo, name, and home address in criminal hands. This data doesn't expire. It doesn't get less valuable. It just sits there, a ...
    Voir plus Voir moins
    18 min
  • When Teen Hackers Test Your Defences: Lessons from the School Yard to the Boardroom

    When Teen Hackers Test Your Defences: Lessons from the School Yard to the Boardroom
    Sep 29 2025

    Join hosts Noel Bradford and Mauven McLeod in this Back-to-School special of the Small Business Cybersecurity Guy podcast as they trace a line from 1980s schoolroom mischief to modern, large-scale breaches that put millions of students and small organisations at risk. Through recollections of early BBC Model B and Novell-era antics, the episode uses real recent incidents to expose how weak passwords, written credentials and opportunistic insiders create systemic security failures.

    The episode unpacks headline-making investigations and statistics — including the ICO analysis showing that students are behind a majority of school data breaches, the PowerSchool compromise that affected tens of millions of records and led to extortion demands, and targeted campaigns such as Vice Society and the evolving Kiddo International incident. The hosts explain the motivations behind student-led breaches (curiosity, dares, financial gain, and revenge) and how those same drivers also appear within small businesses.

    Noel and Mauven explain why insider threats matter, even when they aren’t sophisticated: most breaches exploit simple weaknesses, such as reused or guessable passwords, written notes, shared admin accounts, and a lack of access controls. Producer Graham contributes a live update on ongoing incidents, and the episode highlights how these events translate into operational disruptions — including school closures, days of downtime, and long-term reputational and legal fallout.

    Practical defence is the episode’s focus: clear, actionable guidance covers immediate steps (audit access, enable multi-factor authentication, remove unnecessary privileges), short-term actions (implement logging and monitoring, deploy password managers, set up incident response procedures) and longer-term resilience measures (regular access reviews, backups, staff training and cultural change). The hosts emphasise designing security around human behaviour so staff follow safe practices instead of working around them.

    Listeners will get a concise checklist of recommended technical controls — MFA, role-based access, privileged account separation, activity logging and reliable backups — alongside cultural advice: leadership buy-in, recognisable rewards for good security behaviour, and channels for curious employees to learn responsibly. The episode also highlights regulatory shifts, such as the introduction of mandatory Cyber Essentials for certain educational institutions, and links these requirements to small business risk management.

    Expect vivid anecdotes, practical takeaways and a clear call-to-action: if a curious teenager can bypass your systems, it’s time to harden them. Whether you run a two-person firm or a growing small business, this episode provides the context, evidence, and step-by-step priorities to reduce insider risk, detect misuse quickly, and recover from incidents without compromising your customers’ trust.
    Voir plus Voir moins
    41 min
Pas encore de commentaire