

216.1K
Downloads
101
Episodes
The UK's leading small business cybersecurity podcast, helping SMEs protect against cyber threats without breaking the bank.
Join cybersecurity veterans Noel Bradford (CIO at Boutique Security First MSP) and Mauven MacLeod (ex-UK Government Cyber Analyst) as they translate enterprise-level security expertise into practical, affordable solutions for UK small businesses.
WHAT YOU'LL LEARN:
- Cyber Essentials certification guidance
- Protecting against ransomware & phishing attacks
- GDPR compliance for small businesses
- Supply chain & third-party security risks
- Cloud security & remote work protection
- Budget-friendly cybersecurity tools & strategies
PERFECT FOR:
- UK small business owners (5-50 employees)
- Startup founders & entrepreneurs
- SME managers responsible for IT security
- Professional services firms
- Anyone wanting practical cyber protection advice
Every episode delivers actionable cybersecurity advice that you can implement immediately, featuring real UK case studies
Episodes

Thursday May 28, 2026
AI vs The Patch Queue: When Faster Discovery Breaks Business
Noel Bradford opens the episode with a wry grin and a simple warning: AI has put a jet engine on vulnerability discovery, and that turbocharged speed is coming straight for your patch queue. He paints a scene that starts idyllic – researchers, vendors, and defenders holding hands in a meadow – and then smashes it into the small-business reality everyone knows: an ageing accounts package, two neglected servers, a printer that suddenly has feelings, and a spreadsheet last updated by someone called Maybe James.
Through sharp, conversational storytelling, Noel follows the trail from shiny headlines about faster vulnerability discovery to the quieter, nastier truth: more findings mean more advisories, more tickets, and more decisions. For teams already drowning in alerts – endpoint warnings, vendor advisories, and countless scanner results – AI doesn't rescue them. It simply shines a brighter light on the rot.
The episode becomes a practical parable about what actually prevents breaches: fundamentals. Noel walks listeners through the essentials as if he were guiding a reluctant business owner around a cluttered workshop – build a real asset inventory (not a mythical one), assign clear ownership, book maintenance windows that aren't pretend, and document exceptions with accountability. He explains how these mundane actions are the real defenses, not the latest headline-grabbing CVE score.
But the story isn't all doom. Noel argues that AI can help – if your processes are mature. Faster discovery can help defenders and vendors if decisions are made quickly and sensibly. The heart of the episode is a leadership appeal: patch management is a business problem that touches operations, budgets, and reputations. When the business says "no" to maintenance and "later" to upgrades, it builds a swamp, and IT is left to slog through it.
The episode closes on a clear, rallying note: the AI patch wave is coming, and the question isn't whether new vulnerabilities will appear – it's whether your organisation has a process or just Dave, a spreadsheet, and a headache. Listen for practical measures, memorable metaphors, and a call to treat patching as governance, not theatre – because speed is now the test of your maturity.

Wednesday May 27, 2026
When Cybercrime Stops the Till: Why It's a Business Problem, Not IT's
Noel Bradford opens the episode with a blunt question: what does a cyber attack really cost your business? He takes us out of the server cupboard and into the meeting room, where time lost, money gone, reputations dented and growth stalled are the metrics that actually matter. Through vivid examples – payment fraud that empties a ledger, ransomware that freezes production, a supplier breach that hands customers to a competitor – Noel shows how an email, a weak password or a forgotten server can cascade into an existential business crisis.
The narrative follows small businesses facing an uncomfortable truth: cybercrime is no longer an edge-case IT headache, it's a predictable criminal business model that targets people, process and trust. Noel cites fresh data that brings the story to life – fraud, scams and attacks are climbing – and he paints a picture of criminals with playbooks, support desks and supply chains that mirror legitimate industry behaviour. The result? An urgent call to move cyber from back-office grudge purchase to front-page boardroom agenda.
Rather than drowning listeners in technical jargon, the episode uses sharp, practical questions to reframe risk: what would stop you trading? which systems must be restored first? who can authorize emergency spend? Those questions drive the story into real-world decisions – payment controls, MFA, backup testing, supplier access reviews – and expose how leadership failures, not just missing patches, make incidents costly.
Noel's voice guides listeners from complacency to clarity. He unmasks common excuses – "that server's fine", "we'll sort it after the quarter" – and shows the human moments that save or sink companies: the staff member who spots a scam, the CFO who questions a change of bank details, the manager who can't find an incident owner when minutes matter. The stakes are personal: customers lose trust, staff waste time, opportunities evaporate and the business pays the bill.
The episode closes as a call to arms and to common sense. Cybersecurity becomes business continuity with a login prompt: add cybercrime to the risk register, map systems that stop trading, budget for resilience and, crucially, assign accountability. Noel leaves listeners with a clear storyline to act on – lead from the top, test your recovery, and treat cyber as the cost of doing business before it treats you like lunch.

Tuesday May 26, 2026
Don't Worship the Green Tick: Why Backups Won't Save You
Noel Bradford opens the episode with a provocation: backups are sacred in small businesses, but too often they're a comforting myth. Picture a bright Monday at 9am – the backup dashboard is full of green ticks, the MSP report lands in an inbox that breathes a little easier, and then a criminal in muddy boots asks the question nobody practised: what can you actually recover, by when, and who knows how?
This episode walks listeners through the moments when assumptions collapse. It's not the encryption that usually kills a business – it's the downtime, the missing passwords, the licence keys lost in a cupboard of doom, the renamed folders that quietly excluded critical data for years. Bradford stitches together real-world missteps into a narrative that makes the stakes painfully clear: a back-up is an ingredient, not a plan.
You'll hear why green ticks and dashboards are little more than participation trophies unless somebody has rehearsed the restore. The host paints vivid scenes of restores that take days, data that is stale, and the awkward management meetings that follow: "Why didn't anyone test this?" – a question delivered with the cool late-arrival of hindsight.
Practical guidance arrives as character and plot: follow the NCSC ransomware guidance, heed ICO data-protection duties if personal data is involved, and for U.S. listeners map the same hard lessons to Stop Ransomware guidance. The episode turns policy into action – keep protected copies, separate backup admin access, document recovery priorities, and most importantly, test restores so that belief becomes evidence.
Bradford dismantles cloud complacency with a sharp scene: Microsoft 365 or Google Workspace may keep a service running, but platform availability is not the same as your ability to recover a deleted or compromised dataset. That gap is where assumptions die – and where attackers exploit your good intentions.
The heart of the episode is a series of hard questions that force organisations out of warm thinking and into recovery planning: what systems must be back by lunchtime, who declares the incident, who calls the insurer, how do you contact staff and customers if email is gone, and where are the credentials if your password manager is offline? Each question is a beat in the story, a test of whether a business has a plan or just hope.
By the end, the message is plain and urgent: buy recovery, not reassurance. Test restores, document processes, define Recovery Time and Point Objectives in plain English, protect copies from deletion, and rehearse the incident playbook until the drama becomes boring. The episode closes like a scene change – make recovery ordinary now, before attackers make it dramatic.

Monday May 25, 2026
The 75¢ Clue: How a Tiny Billing Error Unmasked a Cold War Hacker
It begins simply: a worn hardback on a bookshelf, a black marker on the title page, and a 75-cent discrepancy in a lab bill. What sounds like a footnote in an accounting ledger becomes the hook of a detective story – one where curiosity, persistence, and a refusal to write off tiny anomalies expose an international spy ring.
We pull you back to the mid-1980s at Lawrence Berkeley Lab, where phones, modems and shared terminals hum with a world before always-on internet. Cliff Stoll, a meticulous sysadmin, refuses to accept that the accounts are merely off. He unspools the ledger, reads the logs, and follows the faint, odd patterns of someone who shouldn't be there: late-night dial-ins, strange commands, connections that don't fit any researcher's schedule.
Stoll's investigation reads like a thriller. He turns on exhaustive session logging, builds a crude beeper to alert him at home when the intruder connects, and – most audacious of all – keeps the intruder online just long enough for telephone engineers to trace the call. Printouts, persistence, and partnerships with the phone company slowly stitch together a trail that crosses oceans and points to a hacker in West Germany.
From a paltry billing error to a Cold War espionage case, the narrative is both dramatic and instructive. Marcus Hess's activities reveal how small anomalies can be the first sign of serious compromise, and how careful evidence collection and dogged investigation can turn a minor puzzle into a breakthrough.
But this episode is not only history; it is a manual in disguise for the small-business owner in 2026. We translate Stoll's playbook into modern terms: enable and retain logs, set simple alerts (the digital beeper), preserve evidence, work with your ISP and cloud providers, and resist the urge to "tidy up" an incident before it's understood. The tools have changed, but the mindset hasn't – curiosity, stubbornness, and methodical recording win more often than brilliant firewalls alone.
Throughout the episode Noel Bradford, Graham Falkner and Mauven MacLeod blend storytelling with hands-on advice – how long to keep sign-in records, what to do when you spot a 3am login from another country, and the small, affordable controls that make a huge difference. You'll hear the thrill of discovery, the slow build of a trace, and the simple takeaways any small team can implement tomorrow.
By the end, the story is both a cautionary tale and an invitation: treat the little things seriously, cultivate a culture that rewards curiosity, and remember that a tiny anomaly can save you from a catastrophe. If a 75-cent error once outed a spy, imagine what noticing the £1 blip on your SaaS invoice could save you. Tune in, be curious, and mind your logs.

Sunday May 24, 2026
Curiosity Is a Cybersecurity Control: The Cheapest Defense You're Ignoring
Cybersecurity Guide – Noel Bradford takes you inside a familiar office on an ordinary afternoon, where the threat isn't a dramatic breach but the quiet, avoidable moment someone decided not to ask a question. This episode treats curiosity as a defence: not a flashy tool or dashboard, but the simple act of saying, "hang on, that looks wrong," and the cultural choices that kill it.
Through vivid, everyday examples – the receptionist who spots a strange supplier request, the apprentice surprised by an overseas sign-in prompt, the accounts clerk seeing a slightly altered bank account – Noel shows how small hesitations can be the thin line between routine work and an expensive compromise. He explains why cyber criminals prefer polite, rushed offices and how well-meaning efficiency often becomes a buffet for fraud.
This is part cautionary tale and part playbook. Noel explores how organisations teach the right words – report scams, protect accounts, patch systems – but then reward speed over sense, punish false alarms, and make reporting cumbersome. The result: curiosity is trained out of people, and the last reasonable question is smothered by eye rolls and impatience.
Actionable changes are surprisingly simple. Make reporting take ten seconds. Praise the person who raises a false alarm. Add a mandatory pause and callback verification for supplier bank changes. Make senior leaders follow the same rules as everyone else. Treat reports as signals to be measured and celebrated, not interruptions to be tolerated.
Noel reminds listeners that curiosity doesn't replace MFA, patching, backups or email security – tools matter – but people catch what automated controls miss. He argues that a culture that protects and rewards questioning is the most cost-effective control a small business can buy: priceless, free, and often ignored.
By the end of the episode you'll hear a clear, one-sentence improvement managers can make today: if something looks wrong, stop and ask. That sentence costs nothing, irritates bad managers, and may save thousands. This is a rallying call to treat curiosity as a measurable, defendable security control and to build workplaces where asking a sane question is always the right move.

Saturday May 23, 2026
Your CCTV Is Listening: The Cameras You Forgot Are a Cyber Problem
I'm Noel Bradford and this episode opens with a simple, unsettling image: a little black NVR humming away since 2017 like a haunted toaster with network access. That hum is not background noise – it's the beginning of a story about negligence, default settings and the strange ways everyday devices turn into windows into your business.
We follow a typical small-business scene: an installer fits cameras, the mobile app works, the owner checks the yard from home and everyone breathes easy. Then five years pass. Broadband changes, the person who knew the password leaves, firmware becomes ancient and, because nobody asked the grown-up question, some cameras are quietly recording sound. The feature was on by default. The question was never asked: why are we recording audio?
The episode traces how that missed question multiplies into risk. Cameras and recorders aren't just bolt-and-forget hardware; they're networked computers with IP addresses, admin portals, cloud relays and user accounts. Left unmanaged, they sit on the same flat network as payroll, tills and file servers and become tempting footholds for attackers who don't care about your business – they care about what's exposed.
Through vivid, practical examples, we show how an attacker doesn't need your footage – they need the position. Pivoting, harvesting credentials, persistence, or using that device as infrastructure are all within reach when devices lack ownership, patches and sensible access controls. And if audio is enabled, suddenly the risk is also a privacy problem: staff conversations, sensitive customer details and whispered passwords can turn up on a clip nobody intended to exist.
But this isn't meant to spark panic. It's a call for grown-up management. We walk listeners through the steps that change risk into control: find the devices, walk the site, inventory every camera, NVR and smart gadget; document owners, network segment and audio capability; segment networks so devices don't talk to everything; replace default accounts with unique credentials and MFA; patch or plan replacements for unsupported kit; and, crucially, decide and document whether audio should be enabled – not leave it to a wizard's default.
Along the way we paint the human moments – the frustrated owner, the installer who moved on, the staff member who keeps a camera app on their phone – to make the technical problems feel immediate and solvable. By the end of the episode listeners will understand that cameras bolted to walls are part of the attack surface, microphones double that risk, and the single most powerful question in cybersecurity is simple: who owns this thing?
This episode is practical, candid and aimed at small businesses that think their CCTV is just facilities kit. Treat your cameras like computers, treat microphones like privacy, and start fixing the things you've forgotten. Start with a walk round, a list, and someone who is responsible – it's dull, but dull beats emergency meetings with the emotional temperature of a bin fire.

Friday May 22, 2026
The Coffee Shop Myth – How Identity, Not Wi-Fi, Lets Attackers In
Noel Bradford rips into the cyber marketing circus and pulls back the curtain on the real threat modern businesses are ignoring. He opens with a laugh – and a damning image: a hip vegan coffee shop, oat milk lattes, a creator's scare-ad for a VPN, and an affiliate link. It's funny until you realise the joke's on us. In 2014 we defended the network; in 2026 attackers simply walk through the front door by stealing identity.
This episode traces that evolution like a detective story. Noel shows how HTTPS, smarter phones, and better browsers made old fears obsolete, while criminals moved upstream into session hijacking, OAuth abuse, and adversary-in-the-middle phishing that steals tokens after MFA succeeds. He paints scenes that stick – the tired traveller connecting to an almost-right SSID at an airport, the finance director approving payroll from an unmanaged iPhone – and explains why those moments matter far more than a packet sniffed over biscotti.
Through vivid anecdotes and no-nonsense analysis, Noel lays out what small businesses actually face: mobile devices that are portable identity containers, brittle MFA habits, and session tokens that act like keys to the castle. Then he flips to solutions that aren't clickbait: shorten token lifetimes, move privileged users to phishing-resistant MFA and passkeys, enforce device compliance and mobile device management, revoke sessions aggressively, and treat personal phones like the powerful admin tools they are – not accessories.
Part rant, part roadmap, the episode gives you the sharp, practical perspective you need to stop worrying about ghosts in coffee shops and start defending what matters: trust, sessions, and the identity stack. Tune in for hard truths, clear steps you can act on, and the kind of hot take that actually helps you protect your business before the next breach arrives.

Thursday May 21, 2026
Square-Wheeled Security: Inside a Vendor Meeting That Failed Small Business
The call starts like any other – slides, a sales voice, a tidy monthly price – and then it goes sideways. Noel Bradford walks listeners into a vendor meeting that feels less like a sales pitch and more like a cautionary tale: a shiny cyber bundle advertised to small businesses, but missing the muscle when real danger arrives. Against the hum of corporate growth statistics and glowing dashboards, Noel spots the cracks that too many packages hide.
He pulls back the curtain on the industry's boom – 2,603 active firms, rising revenues, an army of portals – and shows how that growth can multiply confusion rather than protection. The narrative tightens around a single, telling moment: a product called out for what it is, and a sales rep who shuts the deck when asked the uncomfortable but essential question – what does incident response actually mean?
Through sharp, conversational storytelling, Noel illustrates the difference between a list of features and real incident ownership. Dark web scanning, phishing simulations, insurance – each sounds useful, but each can become a dangerous reassurance without the people, process, and authority to act when the alarm sounds. The episode makes the cost of misunderstanding painfully real: £25 a month promises comfort but may leave a business exposed when response work – legal coordination, evidence preservation, communications and technical recovery – becomes urgent and expensive.
Listeners are led scene by scene through the meeting: the casual assumptions, the defensive sales pivot, the moment the vendor chooses convenience over clarity. Noel's voice threads in professional hard-won detail about what proper incident response entails – triage, containment, insurer liaison, decision logging – and why those things are not optional extras hidden behind a portal.
Finally, the episode becomes a rallying cry for both buyers and sellers. Small business owners get a checklist of the blunt, necessary questions to ask before they buy a bundle. Vendors are challenged to stop masking light services with heavy language. The story closes on a clear, practical warning: cyber sold like broadband builds a stronger case for doing nothing, and attackers are patient.
Engaging, candid, and sharply observant, this episode of Small Business Cybersecurity Guy gives you the scene, the stakes, and the straight talk you need to see past slick packaging – because when your business is on fire, you don't want a signpost, you want someone who owns the incident.