

211.8K
Downloads
60
Episodes
The UK's leading small business cybersecurity podcast, helping SMEs protect against cyber threats without breaking the bank.
Join cybersecurity veterans Noel Bradford (CIO at Boutique Security First MSP) and Mauven MacLeod (ex-UK Government Cyber Analyst) as they translate enterprise-level security expertise into practical, affordable solutions for UK small businesses.
WHAT YOU'LL LEARN:
- Cyber Essentials certification guidance
- Protecting against ransomware & phishing attacks
- GDPR compliance for small businesses
- Supply chain & third-party security risks
- Cloud security & remote work protection
- Budget-friendly cybersecurity tools & strategies
PERFECT FOR:
- UK small business owners (5-50 employees)
- Startup founders & entrepreneurs
- SME managers responsible for IT security
- Professional services firms
- Anyone wanting practical cyber protection advice
Every episode delivers actionable cybersecurity advice that you can implement immediately, featuring real UK case studies
Episodes

10 hours ago
Host Graham Falkner breaks down Microsoft's February 2026 Patch Tuesday: more than 50 vulnerabilities across Windows and Microsoft 365, including six that were actively exploited before patches arrived. This episode explains which flaws matter, who's affected, and the practical steps businesses should take immediately.
Coverage includes the six confirmed actively exploited vulnerabilities (triple January's count): three security-feature bypasses that remove user protections (including a Word document bypass that is not triggered by Outlook preview), Desktop Window Manager (DWM) flaws that allow privilege escalation – and are being exploited for a second month – a Remote Desktop Services elevation issue found by CrowdStrike, and a Remote Access Connection Manager VPN crash vulnerability with a ready-made exploit tool in criminal circulation. CISA has added all six to its known exploited list, with federal agencies required to patch by March 3.
The episode also highlights developer-focused risks: three serious GitHub Copilot flaws that let hidden malicious instructions run commands on a developer's machine, and a 9.8-severity flaw in Microsoft's Azure Cloud Tools for Python. Falkner explains why developers are high-value targets and why organizations that build or buy software must prioritize these fixes.
Other major items: January's three out-of-band patches rolled into February's cumulative update; Microsoft's upcoming certificate updates that begin expiring from June (important for old or rarely-connected hardware); SAP's 26 security notes including a 9.9 remote-command vulnerability and multiple high-risk issues that can impact supply chains; Adobe's 40+ fixes (27 critical), and updates from BeyondTrust, Ivanti, Cisco, Fortinet and others. Note: Google's Android bulletin for February reported no security fixes.
Special callouts: an Outlook vulnerability that can capture credentials just by previewing a crafted email in the reading pane (apply all related Outlook patches), and Microsoft's gradual retirement of NTLM which may break legacy business apps unless you plan ahead.
Actionable priorities and patch playbook: First wave (within 24 hours) – apply all six actively exploited fixes, the Azure Python tool patch for developer teams, and all Outlook fixes. Second wave (within 72 hours) – SAP (if you run it), Exchange Server, GitHub Copilot mitigations for developer teams, BeyondTrust remote-support fixes. Third wave (within one week) – remaining SAP and Adobe updates, Cisco, Fortinet, and other important but not-yet-exploited updates. Falkner stresses verifying deployment, testing remote desktop and Office workflows, and building patch management into incident response playbooks.
Who should listen: IT managers, small business owners, developers, MSPs, and security teams responsible for patching and remote access. The episode gives clear, prioritized guidance to reduce exposure quickly and recommends sharing the full CVE tables and patch tiers with your IT team or managed service provider.
Find the Blog Post here: - https://noelbradford.squarespace.com/blog/patch-tuesday-february-2026-six-zero-days-uk-smb-guide-2026

3 days ago
In this urgent episode of Small Business Cybersecurity Guy, hosts Mauven MacLeod and Graham Falkner join the notably fed-up Noel Bradford to unpack four simultaneous, high-impact campaigns that emerged between late January and early February 2026. We walk listeners through detailed research from Trellix, Securonix, Rapid7 and Microsoft and explain why these attacks matter to every small business – even if you think you're too small to be a target.
We open with APT28 (Fancy Bear) exploiting CVE-2026-21509: a weaponised Office document that triggers on open, drops an Outlook backdoor (MiniDoor/NotDoor) and a C++ implant (Beardshell) injected into svchost.exe, exfiltrating email and system data while blending traffic into legitimate cloud services.
Next, Securonix's "Dead Vax" campaign shows how commodity criminals now match nation-state tradecraft. Phishing delivers VHD files that mount like drives, bypass mark-of-the-web warnings and execute fileless loaders that ultimately deploy AsyncRAT – giving attackers remote control, keylogging and full data access.
Rapid7's analysis of the Chrysalis backdoor reveals a supply-chain compromise of Notepad++ hosting infrastructure: poisoned installers selectively targeted victims, abused DLL side-loading and trusted signed binaries to achieve persistent, encrypted backdoors and lateral movement tools. This is supply-chain risk in practice.
Microsoft's macOS research details multiple Stealer campaigns (Digit Stealer, Mac Sync, ClickFix, Atomic Stealer and more) distributed through poisoned Google Ads, fake AI tools and messaging apps. These attacks live off native macOS utilities, use AppleScript and Python, and harvest passwords, crypto wallets, SSH keys and cloud credentials – exposing the myth that Macs are immune.
We connect the dots: all four campaigns abused legitimate platforms and native features, used memory-resident or fileless techniques that bypass signature AV, injected into trusted processes, and moved faster than patch cycles. The real victims are not random users but procurement staff, developers and privileged employees. Small businesses face the same capabilities for a fraction of the cost via malware-as-a-service.
On the regulatory front we cover the Data Use and Access Act (DUAA) changes that took effect in February 2026: cookie and e-marketing fines jump to £17.5m or 4% of global turnover, new rules around children's higher protection matters, a new lawful basis for limited public interest processing, and mandatory complaints handling procedures coming into effect on June 19. We explain why a breach today risks vastly larger financial and compliance consequences.
Finally, we give practical, prioritized guidance for small businesses: immediate zero-cost steps (patch Office, verify Notepad++ versions, show file extensions, audit cookie banners, start a complaints procedure), technical controls to adopt (EDR/behavioral monitoring, managed email security, Mac MDM/EDR, fractionally engaged CISO/CIO), and realistic budgets and trade-offs for a 20-person company. Links to all source research and a detailed blog post are in the show notes for listeners who want the technical deep dive.

Monday Feb 02, 2026
In this urgent episode of The Small Business Cybersecurity Guide, hosts Noel Bradford, Mauven MacLeod and Graham Falkner bring together three experts to answer one question: why you're doing security wrong and what practical steps will actually protect your business. We cover four pressing, unconnected problems that share the same root cause – a massive gap between perceived and real security.
Dr. Sarah Chen explains passkeys in plain English: how they remove the shared secret that makes passwords vulnerable, why they defeat phishing, credential stuffing and most brute-force attacks, and exactly how small businesses should pilot them this week. She outlines a three-step rollout (check your identity platform, pilot with five users, support them through setup), recovery and accessibility considerations, device and cost guidance, and the measurable benefits – including dramatically fewer password reset tickets.
Former US government cyber analyst Corinne Jefferson unpacks the CISA ChatGPT incident, where the acting director uploaded sensitive government contracting documents to public ChatGPT despite an approved internal alternative. Corinne explains how exceptions become normalized, why convenience often defeats policy, how this damages security culture, and what organizations should do: enforce technical controls, require documented risk assessments for privileged exceptions, and ensure detection is coupled with a consistent response regardless of who triggers the alert.
Seamus O'Leary shares a practical small-business win: after realising he'd never introduced himself to his insurer's incident response team, he discovered £18,000+ of pre-incident services already included in his cyber policy – IR plan templates, tabletop exercises, forensics retainers, quarterly scans and a 24/7 breach hotline. The episode walks through the five-week process he used to onboard the insurer's IR team, fix gaps, run a tabletop, uncover critical weaknesses (unverified backups, unclear ransomware authority, GDPR notification issues) and win board-level funding to replace vulnerable infrastructure.
Noel and the team close with a structural look at cloud sovereignty and vendor concentration: why relying on US cloud providers (AWS, Azure, Google) creates real legal and operational risk regardless of where data is physically stored, how the Cloud Act and post-Schrems II rules change transfer obligations, and practical mitigation options – encryption with external key control, transfer impact assessments, supplementary measures, vendor diversification and multi-cloud planning.
Key takeaways for listeners: enable and pilot passkeys to eliminate credential-based attacks; enforce technical controls and documented approvals so seniority doesn't become an exception to security; call your insurer's IR contacts and use the services you've already paid for; treat cloud region selection as latency choice, not legal sovereignty, and perform real transfer impact assessments and mitigation. The episode mixes concrete how-to steps, governance advice, and real-world examples – from phishing-defeating authentication to saving thousands by activating policy services – all aimed at helping small businesses turn security theatre into dependable protection.

Monday Jan 19, 2026
Who's in Charge When Ransomware Hits? Building Your Incident Response Team
In this episode of Small Business Cybersecurity Guy, hosts Mauven MacLeod, Noel Bradford and Graham Falkner walk you through Module One of their six-part incident response plan series: building your response team. Through the real-world Katie Roberts case study (name changed), they show why independence matters when a breach hits – and how an unbiased incident manager can quickly uncover the truth, coordinate response, and save a business from far worse outcomes.
Topics covered include the four core incident roles (external incident manager, technical lead, business continuity coordinator, communications lead), how to find and contract an external IM (insurance, IT referrals, retainer vs pay-per-incident), what an IM can and cannot do, authority and spending limits, and realistic costs and timelines. The hosts explain a simple, achievable four-week setup plan that takes roughly four hours of actual work, and they share templates for team structure, external contacts, authority scripts, implementation timelines, and validation checklists.
Key points and takeaways: why impartial coordination matters, how to avoid common provider cover-up biases, the practical steps Katie used to stabilise her business, a real case study of an architecture firm saved from a Friday-afternoon ransomware attack, and concrete homework: find your IM, assign three internal roles, document everything on a single page, brief and validate your team. Listeners will leave with a clear, actionable plan, links to downloadable templates, and the promise that preparation reduces cost, stress, and downtime.

Wednesday Jan 14, 2026
114 Updates, 1 Active Exploit – January Patch Tuesday: Patch Today or Pay Tomorrow
Hosted by Graham Falkner, this episode is a rapid, no-nonsense January Patch Tuesday breakdown aimed at small businesses and IT owners. Graham walks listeners through Microsoft's unusually large release of 114 security updates, explains the essential jargon (CVE and CVSS), and highlights why severity scores don't replace real-world risk assessments.
The show covers the one vulnerability already being actively exploited (CVE-2026-2805 in Desktop Window Manager) and two other high-risk items used in targeted attacks, plus three zero-day bugs. Graham takes a deep dive into the critical on-premises SharePoint emergency (Toolshell campaign, CVE-2025-53-700-70 and related issues), urging immediate patching and incident response for exposed servers. He also explains the severe Kestrel/ASP.NET Core HTTP request smuggling flaw (CVE-2025-55315) and the practical impact on web apps and deployment teams.
The episode reviews other major vendor fixes: SAP's 16 security updates (including four critical vulnerabilities), Apple's two WebKit zero days, Adobe's 32 patches (eight critical affecting Acrobat, Reader and creative apps), HPE OneView's unauthenticated RCE (CVE-2025-37164), and ongoing VMware ESXi risks. Graham calls out long-delayed Fortinet SSL-VPN vulnerabilities (including CVE-2020-12812) and newer FortiCloud SSO bypasses, stressing that overdue patching still causes widespread compromises.
Practical guidance and priorities are clear and actionable: patch Windows cumulative updates, exposed SharePoint servers, Fortinet edge devices and HPE OneView within 24 hours; address .NET/web app fixes and SAP critical patches within the next 72 hours to one week; then continue with routine maintenance for browsers, Adobe, Cisco and other software. The episode also flags upcoming deadlines and logistics – Oracle's critical patch update on January 20 and the end of Windows 10 support – so listeners can plan maintenance windows and migrations.
Key takeaways: assume compromise if you haven't patched exposed services, verify systems after applying updates, assign owners who can patch and redeploy quickly, and treat cumulative Windows updates as all-or-nothing. There are no external guests – this episode is hosted solo by Graham Falkner and aimed at helping small organizations act fast and reduce risk in the wake of an intense Patch Tuesday.

Monday Jan 12, 2026
In this episode of the Small Business Cybersecurity Guy, host Noel Bradford is joined by Mauven MacLeod and Graham Falkner to unpack the Cabinet Office's January 2026 Government Cyber Action Plan – a blunt, 100-page admission that the UK government's cybersecurity posture is "critically high" risk and that many of its own targets are unachievable. The trio break down the report's headline findings, case studies of high-profile failures, and why this matters to you even if you've never worked with government.
Key revelations from the Plan covered in the episode include: roughly 28% of government IT is legacy and cannot be defended with modern tools; repeated systemic failures across departments (poor patching, weak passwords, lack of monitoring); high-cost incidents such as the British Library ransomware recovery and the CrowdStrike outage that cost the UK economy billions; and the Electoral Commission breach that exposed millions of voter records. The hosts explain the language the report uses – from "historical underinvestment" to "not achievable" targets – and what those admissions mean in plain English.
The episode also examines the Cabinet Office's proposed response: new accountability rules giving accounting officers (permanent secretaries) personal responsibility for cyber risk, routine cyber risk reporting to boards, escalation mechanisms, and potential consequences including removal or public parliamentary scrutiny. The hosts discuss how this mirrors the health & safety/HSE accountability model and why public-sector reform will likely set the precedent for private-sector regulation (including implications of forthcoming cyber security and resilience legislation).
Financing and timelines are analysed too: the government has allocated around £210 million to kickstart a central cyber transformation unit with milestones through 2029, but the hosts stress this is a down payment – true remediation will take years and likely billions. The Plan's investment priorities (visibility/monitoring, accountability, supply-chain assurance, incident response and skills) form a checklist for businesses to adopt now.
Supply-chain requirements are a central takeaway: departments will require security schedules, certification (Cyber Essentials, Cyber Essentials Plus, ISO 27001 where appropriate), and documented evidence of controls. These requirements will cascade down through primes to second- and third-tier suppliers, so small businesses should expect tightened demands for proof of security and that compliance will become a competitive advantage.
The hosts finish with practical, actionable advice for small businesses: treat cyber risk as board-level risk; establish personal accountability and clear escalation; prioritise visibility and monitoring; inventory and pragmatically manage legacy systems; obtain appropriate certifications (Cyber Essentials Plus, ISO etc.) if you have or might have public-sector exposure; segregate and protect government work; build or improve incident response capability; and use this moment to push cultural change so security is embedded across the organisation.
Throughout the episode Noel, Mauven and Graham provide candid analysis, real examples from recent government failures, and specific steps SMBs can take now to reduce risk and gain a competitive edge as regulation and procurement expectations tighten. Listeners are pointed to the full Government Cyber Action Plan on gov.uk and the podcast blog for a detailed breakdown and sources.

Monday Jan 05, 2026
When MFA Isn't Enough: Inside Adversary-in-the-Middle Attacks
In this episode Mauven MacLeod and Graham Falkner (with Noel Bradford joining partway through) unpack a worrying trend: adversary-in-the-middle (AITM) attacks that steal session tokens and completely bypass conventional multi-factor authentication (MFA). Using Microsoft's recent telemetry (a 146% jump in AITM incidents) as a backdrop, they explain how transparent proxy phishing pages relay credentials and MFA approvals to capture session tokens and gain hours of unrestricted access to Microsoft 365 accounts.
The hosts explain, in plain technical terms, why SMS codes, authenticator app push prompts and one-time codes fail against these attacks and why the stolen session token becomes a single-factor credential for attackers. They describe what attackers typically do after compromise – mailbox reconnaissance, forwarding rules, OAuth app persistence, and registering new authentication methods – and highlight the scale of automated phishing-as-a-service tools that make these attacks cheap and fast.
The episode then walks through the practical, phishing-resistant solutions every small business should consider: Windows Hello for Business, hardware security keys (YubiKey, Authentrend and similar), and passkeys on mobile devices. For each option they cover how it works, deployment requirements, licensing or purchase costs, user experience trade-offs, and which users to prioritize for rollout.
Mauven and Graham recommend a tiered, risk-based rollout strategy: protect admin and privileged accounts first, then finance/HR/executives, and finally the wider workforce over months. They discuss real-world gotchas – legacy apps that don't support modern auth, BYOD complications, mobile workflows, and the need for a secured "break glass" account – plus expected labour, training and hardware costs for a typical 30-user small business.
Beyond replacing or upgrading MFA, the hosts cover essential complementary controls: conditional access policies, continuous access evaluation (CAE) to shorten token windows, blocking legacy authentication (SMTP/IMAP/POP), impossible-travel detection, and concrete incident response steps (revoking sessions, removing rogue MFA methods and OAuth apps, checking forwarding rules and mailbox rules, and doing forensics on accessed data).
The episode closes with an immediate to-do list for small businesses: verify MFA is actually enabled, remove SMS/email MFA methods, plan a phishing-resistant rollout starting with tier-1 users, enable conditional access and CAE, and budget for training and support. They also preview an upcoming multi-episode series to help businesses build a practical incident response plan.
Listeners can expect a technically grounded but actionable discussion aimed at business owners and IT staff: why traditional MFA is still valuable, why it's not enough against AITM, and exactly how to adopt phishing-resistant authentication to close that gap.

Monday Dec 29, 2025
3AM Ringtone of Doom? Build Your 6-Module Incident Response Plan
What You'll Learn
Three in the morning. Your phone's ringing. Someone's encrypted your customer database. What do you do?
This trailer launches our most ambitious series yet: a six-module programme running January through March 2026 that transforms panic into a complete, tested incident response plan. Each module drops every two weeks, giving you time to implement before the next one arrives. Between modules, normal episodes continue covering current threats, breaches, and patches.
This Series Will Give You:
- Complete incident response framework for small businesses
- Communication templates you can use during an actual incident
- Threat-specific playbooks for ransomware, data breaches, and system compromises
- Testing procedures that prove your plan works under pressure
- Implementation time built into the schedule
- Practical guidance for teams with real constraints
What This Series Covers
Module 1: Incident Response Foundations (Early January 2026)
What You'll Build:
- Clear decision tree for incident classification
- Role definitions (even if your team is three people)
- Initial response procedures
- Documentation requirements
- Escalation pathways
Practical Outputs:
- Who does what, when, and how
- Your first response checklist
- Contact list template
Module 2: Building Your Response Team (Late January 2026)
What You'll Build:
- Response team structure for small businesses
- Role assignments that work with limited staff
- External contact management
- Vendor coordination procedures
- Backup personnel plans
Practical Outputs:
- Team roster with responsibilities
- External contacts database
- Succession planning for key roles
Module 3: Communication Plans (Early February 2026)
What You'll Build:
- Internal notification procedures
- Customer communication templates
- Regulatory reporting guidance
- Media handling basics
- Stakeholder management
Practical Outputs:
- Communication templates ready to use
- Notification timelines
- Contact escalation matrix
Module 4: Threat-Specific Playbooks (Late February 2026)
What You'll Build:
- Ransomware response procedures
- Data breach protocols
- System compromise workflows
- Phishing incident handling
- Insider threat procedures
Practical Outputs:
- Step-by-step playbooks for each threat type
- Decision trees for common scenarios
- Evidence preservation guides
Module 5: Testing Your Plan (Early March 2026)
What You'll Build:
- Tabletop exercise framework
- Simulation scenarios
- Assessment criteria
- Continuous improvement process
- Lessons learned documentation
Practical Outputs:
- Test schedule
- Simulation scripts
- Improvement tracking system
Module 6: Complete System Integration (Late March 2026)
What You'll Build:
- Your complete, customised IR plan
- Integration with existing processes
- Maintenance schedule
- Annual review procedures
- Staff training programme
Practical Outputs:
- Final incident response plan document
- Ongoing maintenance checklist
- Training materials for your team
Between Modules: Normal Episodes Continue
Every other week between module releases, you'll get:
- Latest Breach Analysis: What happened, how it happened, what you can learn
- Critical Security Patches: What you need to apply and why (see our December 2025 Patch Tuesday analysis)
- Emerging Threat Intelligence: Current attacks targeting UK small businesses
- Practical Implementation Guides: Hands-on advice for immediate action
Because security doesn't pause whilst you're building your plan.
The Two-Week Implementation Rhythm
Week 1: Module episode drops
Week 2: Implementation time + normal episode
Week 3: Next module episode drops
Week 4: Implementation time + normal episode
This cadence gives you:
- Time to actually implement each module
- Space to ask questions and refine
- Current threat intelligence throughout
- Sustainable pace for resource-constrained teams
Why This Series Matters
The UK Small Business Reality
Current State:
- 43% of UK small businesses experienced cyber breaches last year (DSIT 2025)
- Average breach cost: £250,000
- Some breaches exceed £7 million
- 60% of small businesses close within six months of a major cyber incident
- NCSC estimates 50% of UK SMBs will experience a breach annually
The Gap:
- 73% have no board-level cybersecurity responsibility (see Episode 31: The Risk Register Argument)
- Most have no documented incident response plan
- Existing plans are often enterprise frameworks that don't work for SMBs
- When incidents occur, response is reactive panic rather than systematic procedure
The Opportunity:
- Having a tested incident response plan can reduce breach impact by up to 70%
- Cut recovery time significantly
- Minimise business disruption
- Demonstrate due diligence for cyber insurance
- Meet regulatory requirements
- Protect customer trust
This Isn't Enterprise Security Theatre
Traditional incident response planning assumes you have:
- Dedicated security team
- 24/7 SOC coverage
- Unlimited budget
- Complex organisational structure
- Enterprise-grade tools
This series assumes you have:
- Limited staff wearing multiple hats
- Constrained budget
- Time pressure
- Real business to run
- Practical need for procedures that actually work
Every recommendation is:
- Tested in actual small business environments
- Budget-conscious
- Time-realistic
- Scalable as you grow
- Focused on high-impact, low-cost implementations
Who Should Listen to This Series
This series is particularly relevant for:
- UK small business owners (5-50 employees) who need incident response capability
- Startup founders building security from the ground up
- SME managers responsible for cybersecurity without security backgrounds
- Solo IT staff who handle everything
- Business owners who've invested in prevention but lack response capability
- Anyone who thinks "we're too small to need an incident response plan"
- Directors concerned about personal liability under the Companies Act
- Businesses pursuing Cyber Essentials or cyber insurance
- Professional services firms handling sensitive client data
You'll especially benefit if:
- You've asked "what happens if we get breached?" and had no good answer
- Your current plan is "call the IT guy and hope"
- You've got prevention sorted but no response capability
- You need to demonstrate due diligence for insurance or compliance
- You're responsible for security but lack formal training
- Your team is small and you can't afford enterprise solutions
What Makes This Series Different
Practical Implementation Focus
Not theoretical frameworks or consultant waffle. Every module produces concrete, usable outputs you can implement on a Tuesday afternoon between customer calls.
Small Business Specific
Built for teams of 3-50 people, not Fortune 500 enterprises. Acknowledges real constraints around time, money, and expertise.
Tested in Real Environments
Every procedure comes from actual small business implementations. No academic theory or enterprise assumptions.
Sustainable Pace
Two-week rhythm gives you time to implement, refine, and ask questions before the next module arrives.
Continuous Relevance
Normal episodes between modules keep you current on threats, breaches, and patches whilst you're building your plan.
Complete System
Six modules build into one cohesive incident response capability, not disconnected tips.
Content Calendar
January 2026:
- Week 1: Module 1 - Incident Response Foundations
- Week 2: Normal Episode (current threats)
- Week 3: Module 2 - Building Your Response Team
- Week 4: Normal Episode (current threats)
February 2026:
- Week 1: Module 3 - Communication Plans
- Week 2: Normal Episode (current threats)
- Week 3: Module 4 - Threat-Specific Playbooks
- Week 4: Normal Episode (current threats)
March 2026:
- Week 1: Module 5 - Testing Your Plan
- Week 2: Normal Episode (current threats)
- Week 3: Module 6 - Complete System Integration
- Week 4: Normal Episode (current threats)
Subscribe Now
Don't miss any module in this series. Subscribe on your preferred platform:
Apple Podcasts: Currently ranked #13 in Management category worldwide
Spotify: New episodes every week
All Major Podcast Platforms: Search for "The Small Business Cyber Security Guy"
RSS Feed: Direct feed link
Connect With Us
Need Help?
If you need direct assistance with incident response planning or any cybersecurity topic we cover:
Email: hello@thesmallbusinesscybersecurityguy.co.uk
Website: thesmallbusinesscybersecurityguy.co.uk
Resources & Guides
Visit our website for:
- Detailed implementation guides
- Template downloads
- Step-by-step walkthroughs
- All episode show notes and transcripts
- Blog articles expanding on episode topics
Newsletter
"No BS Cyber for SMBs" on LinkedIn - practical cybersecurity advice delivered weekly by Noel Bradford
Share This Series
Know someone who needs this? Share with:
- Business owners without incident response plans
- IT managers dealing with limited resources
- Directors concerned about cyber liability
- Anyone responsible for small business security
About the Hosts
Noel Bradford
With over 40 years in IT and cybersecurity across enterprises including Intel, Disney, and BBC, Noel now serves as CIO/Head of Technology for a boutique security-first MSP. He brings enterprise-level expertise to small business constraints, translating million-pound solutions into hundred-pound budgets. His mission is making cybersecurity practical and achievable for resource-constrained small businesses.
Mauven MacLeod
Former UK Government cyber analyst, Mauven brings systematic threat analysis and government-level security thinking to commercial reality. With her Glasgow roots and ex-government background, she translates complex security concepts into practical advice for small businesses, asking the questions business owners actually need answered.
Related Episodes & Blog Posts
Preparation for This Series:
- Episode 17: Social Engineering - The Human Firewall Under Siege
- Episode 30: The Printer Is Watching - IoT Security
- Episode 29: Reverse Benchmarking - Learning from Disasters
- Episode 31: Boards, Breaches and Accountability - Risk Registers
Related Blog Posts:
- Reverse Benchmarking: Why Studying Cyber Failures Beats Copying Best Practices
- The Risk Register Argument - When Your Co-Host Says You're Wrong About Governance
- How to Build a Cyber Risk Register That Actually Works
- Your First Cyber Risk Register: 2-Hour Implementation Guide
- Your £15,000 Security Investment Just Got Defeated by a £300 Printer
- Three Zero Days And A Christmas Timebomb: December Patch Tuesday Analysis
Support the Show
If this series provides real value to your business:
- Leave a Review on Apple Podcasts or Spotify - tell us what you're implementing
- Share Episodes with other business owners who need this
- Tell Us What's Landing - your feedback helps us create more useful content
- Subscribe so you don't miss any modules
Legal Disclaimer
Everything discussed in this series is for general guidance and educational purposes. It's meant to point you in the right direction but absolutely shouldn't be treated as professional advice tailored specifically to your business. Your situation is unique. What works brilliantly for one business might be completely inappropriate for another.
We do our very best to keep everything accurate and current, but the cybersecurity world moves quickly. Things can change between when we record and when you're listening, so always double-check critical technical details with qualified professionals before making major changes to your systems.
If we mention websites, products, or services, we're giving you information, not necessarily endorsing them. We can't be responsible for what happens on their end or if things go sideways when you use them.
If you're dealing with serious cybersecurity incidents, actual data breaches, or complex compliance issues, please talk to proper professionals rather than just relying on podcast advice. We're here to educate and help you understand the landscape, not to replace your security consultant, solicitor, or IT team.
Think of us as your knowledgeable mates down the pub who work in cybersecurity, not your official contracted consultants. We care about your business, but we're not your insurance policy.
Stay safe out there, keep learning, and remember: when in doubt, get a second opinion from someone who can see your specific situation.
This has been a Small Business Cyber Security Guy production. Copyright 2025, all rights reserved.
Series Preview | December 2025 | The Small Business Cyber Security Guy Podcast