It begins simply: a worn hardback on a bookshelf, a black marker on the title page, and a 75-cent discrepancy in a lab bill. What sounds like a footnote in an accounting ledger becomes the hook of a detective story—one where curiosity, persistence, and a refusal to write off tiny anomalies expose an international spy ring.

We pull you back to the mid-1980s at Lawrence Berkeley Lab, where phones, modems and shared terminals hum with a world before always-on internet. Cliff Stoll, a meticulous sysadmin, refuses to accept that the accounts are merely off. He unspools the ledger, reads the logs, and follows the faint, odd patterns of someone who shouldn’t be there: late-night dial-ins, strange commands, connections that don’t fit any researcher’s schedule.

Stoll’s investigation reads like a thriller. He turns on exhaustive session logging, builds a crude beeper to alert him at home when the intruder connects, and—most audacious of all—keeps the intruder online just long enough for telephone engineers to trace the call. Printouts, persistence, and partnerships with the phone company slowly stitch together a trail that crosses oceans and points to a hacker in West Germany.

From a paltry billing error to a Cold War espionage case, the narrative is both dramatic and instructive. Marcus Hess’s activities reveal how small anomalies can be the first sign of serious compromise, and how careful evidence collection and dogged investigation can turn a minor puzzle into a breakthrough.

But this episode is not only history; it is a manual in disguise for the small-business owner in 2026. We translate Stoll’s playbook into modern terms: enable and retain logs, set simple alerts (the digital beeper), preserve evidence, work with your ISP and cloud providers, and resist the urge to “tidy up” an incident before it’s understood. The tools have changed, but the mindset hasn’t—curiosity, stubbornness, and methodical recording win more often than brilliant firewalls alone.

Throughout the episode Noel Bradford, Graham Falkner and Maurven McLeod blend storytelling with hands-on advice—how long to keep sign-in records, what to do when you spot a 3am login from another country, and the small, affordable controls that make a huge difference. You’ll hear the thrill of discovery, the slow build of a trace, and the simple takeaways any small team can implement tomorrow.

By the end, the story is both a cautionary tale and an invitation: treat the little things seriously, cultivate a culture that rewards curiosity, and remember that a tiny anomaly can save you from a catastrophe. If a 75-cent error once outed a spy, imagine what noticing the £1 blip on your SaaS invoice could save you. Tune in, be curious, and mind your logs.

Cybersecurity Guide — Noel Bradford takes you inside a familiar office on an ordinary afternoon, where the threat isn’t a dramatic breach but the quiet, avoidable moment someone decided not to ask a question. This episode treats curiosity as a defence: not a flashy tool or dashboard, but the simple act of saying, "hang on, that looks wrong," and the cultural choices that kill it.

Through vivid, everyday examples — the receptionist who spots a strange supplier request, the apprentice surprised by an overseas sign-in prompt, the accounts clerk seeing a slightly altered bank account — Noel shows how small hesitations can be the thin line between routine work and an expensive compromise. He explains why cyber criminals prefer polite, rushed offices and how well-meaning efficiency often becomes a buffet for fraud.

This is part cautionary tale and part playbook. Noel explores how organisations teach the right words — report scams, protect accounts, patch systems — but then reward speed over sense, punish false alarms, and make reporting cumbersome. The result: curiosity is trained out of people, and the last reasonable question is smothered by eye rolls and impatience.

Actionable changes are surprisingly simple. Make reporting take ten seconds. Praise the person who raises a false alarm. Add a mandatory pause and callback verification for supplier bank changes. Make senior leaders follow the same rules as everyone else. Treat reports as signals to be measured and celebrated, not interruptions to be tolerated.

Noel reminds listeners that curiosity doesn’t replace MFA, patching, backups or email security — tools matter — but people catch what automated controls miss. He argues that a culture that protects and rewards questioning is the most cost‑effective control a small business can buy: priceless, free, and often ignored.

By the end of the episode you’ll hear a clear, one‑sentence improvement managers can make today: if something looks wrong, stop and ask. That sentence costs nothing, irritates bad managers, and may save thousands. This is a rallying call to treat curiosity as a measurable, defendable security control and to build workplaces where asking a sane question is always the right move.

I’m Noel Bradford and this episode opens with a simple, unsettling image: a little black NVR humming away since 2017 like a haunted toaster with network access. That hum is not background noise — it’s the beginning of a story about negligence, default settings and the strange ways everyday devices turn into windows into your business.

We follow a typical small-business scene: an installer fits cameras, the mobile app works, the owner checks the yard from home and everyone breathes easy. Then five years pass. Broadband changes, the person who knew the password leaves, firmware becomes ancient and, because nobody asked the grown-up question, some cameras are quietly recording sound. The feature was on by default. The question was never asked: why are we recording audio?

The episode traces how that missed question multiplies into risk. Cameras and recorders aren’t just bolt-and-forget hardware; they’re networked computers with IP addresses, admin portals, cloud relays and user accounts. Left unmanaged, they sit on the same flat network as payroll, tills and file servers and become tempting footholds for attackers who don’t care about your business — they care about what’s exposed.

Through vivid, practical examples, we show how an attacker doesn’t need your footage — they need the position. Pivoting, harvesting credentials, persistence, or using that device as infrastructure are all within reach when devices lack ownership, patches and sensible access controls. And if audio is enabled, suddenly the risk is also a privacy problem: staff conversations, sensitive customer details and whispered passwords can turn up on a clip nobody intended to exist.

But this isn’t meant to spark panic. It’s a call for grown-up management. We walk listeners through the steps that change risk into control: find the devices, walk the site, inventory every camera, NVR and smart gadget; document owners, network segment and audio capability; segment networks so devices don’t talk to everything; replace default accounts with unique credentials and MFA; patch or plan replacements for unsupported kit; and, crucially, decide and document whether audio should be enabled — not leave it to a wizard’s default.

Along the way we paint the human moments — the frustrated owner, the installer who moved on, the staff member who keeps a camera app on their phone — to make the technical problems feel immediate and solvable. By the end of the episode listeners will understand that cameras bolted to walls are part of the attack surface, microphones double that risk, and the single most powerful question in cybersecurity is simple: who owns this thing?

This episode is practical, candid and aimed at small businesses that think their CCTV is just facilities kit. Treat your cameras like computers, treat microphones like privacy, and start fixing the things you’ve forgotten. Start with a walk round, a list, and someone who is responsible — it’s dull, but dull beats emergency meetings with the emotional temperature of a bin fire.

Noel Bradford rips into the cyber marketing circus and pulls back the curtain on the real threat modern businesses are ignoring. He opens with a laugh — and a damning image: a hip vegan coffee shop, oat milk lattes, a creator’s scare-ad for a VPN, and an affiliate link. It’s funny until you realise the joke’s on us. In 2014 we defended the network; in 2026 attackers simply walk through the front door by stealing identity.

This episode traces that evolution like a detective story. Noel shows how HTTPS, smarter phones, and better browsers made old fears obsolete, while criminals moved upstream into session hijacking, OAuth abuse, and adversary‑in‑the‑middle phishing that steals tokens after MFA succeeds. He paints scenes that stick — the tired traveller connecting to an almost‑right SSID at an airport, the finance director approving payroll from an unmanaged iPhone — and explains why those moments matter far more than a packet sniffed over biscotti.

Through vivid anecdotes and no‑nonsense analysis, Noel lays out what small businesses actually face: mobile devices that are portable identity containers, brittle MFA habits, and session tokens that act like keys to the castle. Then he flips to solutions that aren’t clickbait: shorten token lifetimes, move privileged users to phishing‑resistant MFA and passkeys, enforce device compliance and mobile device management, revoke sessions aggressively, and treat personal phones like the powerful admin tools they are — not accessories.

Part rant, part roadmap, the episode gives you the sharp, practical perspective you need to stop worrying about ghosts in coffee shops and start defending what matters: trust, sessions, and the identity stack. Tune in for hard truths, clear steps you can act on, and the kind of hot take that actually helps you protect your business before the next breach arrives.

The call starts like any other—slides, a sales voice, a tidy monthly price—and then it goes sideways. Noel Bradford walks listeners into a vendor meeting that feels less like a sales pitch and more like a cautionary tale: a shiny cyber bundle advertised to small businesses, but missing the muscle when real danger arrives. Against the hum of corporate growth statistics and glowing dashboards, Noel spots the cracks that too many packages hide.

He pulls back the curtain on the industry’s boom—2,603 active firms, rising revenues, an army of portals—and shows how that growth can multiply confusion rather than protection. The narrative tightens around a single, telling moment: a product called out for what it is, and a sales rep who shuts the deck when asked the uncomfortable but essential question—what does incident response actually mean?

Through sharp, conversational storytelling, Noel illustrates the difference between a list of features and real incident ownership. Dark web scanning, phishing simulations, insurance—each sounds useful, but each can become a dangerous reassurance without the people, process, and authority to act when the alarm sounds. The episode makes the cost of misunderstanding painfully real: £25 a month promises comfort but may leave a business exposed when response work—legal coordination, evidence preservation, communications and technical recovery—becomes urgent and expensive.

Listeners are led scene by scene through the meeting: the casual assumptions, the defensive sales pivot, the moment the vendor chooses convenience over clarity. Noel’s voice threads in professional hard-won detail about what proper incident response entails—triage, containment, insurer liaison, decision logging—and why those things are not optional extras hidden behind a portal.

Finally, the episode becomes a rallying cry for both buyers and sellers. Small business owners get a checklist of the blunt, necessary questions to ask before they buy a bundle. Vendors are challenged to stop masking light services with heavy language. The story closes on a clear, practical warning: cyber sold like broadband builds a stronger case for doing nothing, and attackers are patient.

Engaging, candid, and sharply observant, this episode of Small Business Cybersecurity Guy gives you the scene, the stakes, and the straight talk you need to see past slick packaging—because when your business is on fire, you don’t want a signpost, you want someone who owns the incident.

I'm Noel Bradford, and today the app millions of us told our users to trust has just become the story. Microsoft Authenticator — the little green tick that used to mean 'you’re safe' — has a flaw: CVE-2026-41615. It sounds like a dry line on a vulnerability list, but the reality is cinematic. An app on a phone, a single tap, and a service can be tricked into handing an attacker the very token that proves you are who you say you are. That’s not an academic problem; that’s an open door to email, Teams, SharePoint, OneDrive, finance systems and the privileged keys that run your business.

Picture tokens as wristbands at a festival: once you’ve got one, you don’t queue for every stall. Great for productivity. Terrible if a thief pinches it. This flaw is an information disclosure — but the information being disclosed is an access token. An attacker still needs to trick a human into approving a legitimate-looking request, but humans are busy, distracted, and persuasive social engineers know it. ‘Requires user interaction’ is not the same as ‘hard to exploit.’

The scandal isn’t that Microsoft shipped a bug — all software has bugs. The scandal is how many organisations built their identity on an app they do not inventory, version-check, or treat as critical infrastructure. Automatic updates, wishful thinking, and an unmonitored fleet of personal phones are not a security strategy. The fix exists: updated versions (Android: 6.2605.2973+, iOS: 6.847+). The harder work is knowing who has those versions and who doesn’t.

This episode walks you through what actually matters: identify which users — especially privileged ones — are exposed; push or instruct updates; verify versions; review sign-in logs; and consider revoking sessions and tightening conditional access after patching. Patching closes the door, but tokens may linger. That’s why you must treat sessions, tokens and admin accounts as living assets that need governance, not artifacts you paid once for and then hoped would behave.

I’ll cut through the CVSS score arguments and the analyst chatter. Whether some lists call it critical or high, the business question is simple: can a work account token be exposed after user interaction? Yes. Is Microsoft Authenticator part of the trust chain for your cloud identity? Yes. Do many small businesses rely on it without visibility? Also yes. The answer to all three is enough to move from complacency to action.

By the end of this episode you’ll understand the attack in plain English, what to check first (privileged accounts, device management, update versions), and the practical steps your MSP or in-house IT must take today. This is not fear-selling; it’s a call for grown-up identity hygiene. MFA remains essential — but it isn’t magic. Treat the app as software, the token as a valuable asset, and your identity controls as infrastructure that must be governed.

Update the app. Verify the versions. Review tokens and sessions. Move high‑privilege users toward phishing‑resistant authentication. Don’t assume automatic updates are proof. Turn the green tick back into an engineered assurance, not a poster on the wall. This episode is a wake-up call for anyone who thought ticking the MFA box was the end of the story.

Listen as Noel Bradford — the Small Business Cyber Security Guy — pulls back the curtain on a criminal economy that looks eerily like a legitimate market. The story begins not with a hooded hacker in a basement but with supply chains, service desks, affiliate margins and racks of phones pretending to be people: an industrialised machine that Europol lays bare in IOCTA 2026.

Imagine a landlord who rents lockups to burglars and never asks why everyone arrives at 3am. Now imagine that landlord runs a global network of proxies, bulletproof hosting and sim farms that let criminals create millions of fake accounts, receive one-time codes and vanish with the money. Noel walks you through that rack of 40,000 SIMs and the jaw-dropping scale — 49 million accounts created — and shows how criminal services chain together into a repeatable, low-cost supply model.

He tells the story of the modern ransomware franchise: not a lone crew but brands, affiliate programs and negotiation services, with some gangs offering affiliates 80–85% of ransoms. This isn’t cinematic drama — it’s commercial logic. Criminals buy speed, scale and plausible deniability; law enforcement chases the velocity gap. AI writes the scams, proxies hide the origin, crypto moves the money, and encrypted platforms slow evidence gathering. The result: a faster, stealthier, more connected threat.

Noel’s narrative turns the Europol report into a mirror for small businesses. It’s not just about technical fixes — it’s about whether the products and certificates you buy actually match the way crime now works. He uses vivid examples (sim farms, DNS abuse, data-leak extortion) to make one blunt point: a backup is crucial, but it doesn’t unsend stolen customer lists or unpublish payroll files. Your recovery plan must cover communications, legal, insurers and reputational damage — not only server restore points.

Through sharp, practical storytelling Noel gives you three immediate actions small businesses can do this week: email your IT supplier and ask if they’ve read IOCTA 2026, audit every SMS-based workflow that handles money or identity, and rethink your ransomware plan around stolen data being published. He frames these as homework, not panic — small, urgent steps that cut through vendor theatre and certificate-shaped comfort.

By the end of the episode you’ll see the threat differently: no longer isolated buckets of ransomware or fraud but a joined-up criminal economy exploiting weak identity, cheap infrastructure and slow institutional response. Noel doesn’t just warn you — he shows you how to start fixing it, with plain questions to suppliers and concrete checks you can run in a day. This is a wake-up call dressed as a podcast episode: direct, unflinching and built to move small businesses from complacency to grown-up risk management.

The 43% Cyber Attack Statistic: Are We Being Sold Fear?

Every spring, the UK government drops a cyber statistic that makes headlines, fills vendor slide decks, and gives nervous business owners another reason to stare bleakly into their coffee. The claim? Around 43% of UK businesses suffered a cyber breach or attack last year.

Sounds terrifying, doesn’t it?

Except there is a problem. A bloody big one.

The methodology counts phishing emails as breaches even when nobody clicked, nobody engaged, and nothing happened. In other words, your business could block thousands of dodgy emails, suffer no damage, lose no money, and still get swept into the headline figure.

Buried deeper in the same government report is a far more useful number.

In this episode, the team pulls apart ten years of survey data and asks an uncomfortable question: who benefits when cyber risk gets inflated? Government comms teams get a stronger headline. Vendors get better scare copy. Compliance theatre gets another curtain call. Meanwhile, small businesses are left wondering whether they are genuinely at risk or just being sold another steaming plate of fear.

We also admit something important. We fell for the 43% number ourselves two weeks ago. So this episode is not just a takedown. It is a correction.

What should a 20 person business actually do with this information? Ignore cyber risk? Absolutely not. Panic buy another shiny security product because someone waved a big scary percentage at you? Also no.

The answer sits somewhere far more useful: understand the real risk, ask better questions, spend money where it matters, and stop letting fear based marketing write your security strategy.

Links

• Department for Science, Innovation and Technology
• Cyber Security Breaches Survey 2026
• Office for Statistics Regulation
• Office for National Statistics
• Home Office
• Computer Misuse Act 1990
• FBI IC3 Annual Reports
• NCSC Cyber Essentials Overview