

The UK's leading small business cybersecurity podcast, helping SMEs protect against cyber threats without breaking the bank.
Join cybersecurity veterans Noel Bradford (CIO at Boutique Security First MSP) and Mauven MacLeod (ex-UK Government Cyber Analyst) as they translate enterprise-level security expertise into practical, affordable solutions for UK small businesses.
WHAT YOU'LL LEARN:
- Cyber Essentials certification guidance
- Protecting against ransomware & phishing attacks
- GDPR compliance for small businesses
- Supply chain & third-party security risks
- Cloud security & remote work protection
- Budget-friendly cybersecurity tools & strategies
PERFECT FOR:
- UK small business owners (5-50 employees)
- Startup founders & entrepreneurs
- SME managers responsible for IT security
- Professional services firms
- Anyone wanting practical cyber protection advice
Every episode delivers actionable cybersecurity advice that you can implement immediately, featuring real UK case studies
Episodes

Wednesday May 20, 2026
When the Authenticator Stops Being a Shield: CVE-2026-41615 Exposed
I'm Noel Bradford, and today the app millions of us told our users to trust has just become the story. Microsoft Authenticator – the little green tick that used to mean 'you're safe' – has a flaw: CVE-2026-41615. It sounds like a dry line on a vulnerability list, but the reality is cinematic. An app on a phone, a single tap, and a service can be tricked into handing an attacker the very token that proves you are who you say you are. That's not an academic problem; that's an open door to email, Teams, SharePoint, OneDrive, finance systems and the privileged keys that run your business.
Picture tokens as wristbands at a festival: once you've got one, you don't queue for every stall. Great for productivity. Terrible if a thief pinches it. This flaw is an information disclosure – but the information being disclosed is an access token. An attacker still needs to trick a human into approving a legitimate-looking request, but humans are busy, distracted, and persuasive social engineers know it. "Requires user interaction" is not the same as "hard to exploit."
The scandal isn't that Microsoft shipped a bug – all software has bugs. The scandal is how many organisations built their identity on an app they do not inventory, version-check, or treat as critical infrastructure. Automatic updates, wishful thinking, and an unmonitored fleet of personal phones are not a security strategy. The fix exists: updated versions (Android: 6.2605.2973+, iOS: 6.847+). The harder work is knowing who has those versions and who doesn't.
This episode walks you through what actually matters: identify which users – especially privileged ones – are exposed; push or instruct updates; verify versions; review sign-in logs; and consider revoking sessions and tightening conditional access after patching. Patching closes the door, but tokens may linger. That's why you must treat sessions, tokens and admin accounts as living assets that need governance, not artifacts you paid once for and then hoped would behave.
I'll cut through the CVSS score arguments and the analyst chatter. Whether some lists call it critical or high, the business question is simple: can a work account token be exposed after user interaction? Yes. Is Microsoft Authenticator part of the trust chain for your cloud identity? Yes. Do many small businesses rely on it without visibility? Also yes. The answer to all three is enough to move from complacency to action.
By the end of this episode you'll understand the attack in plain English, what to check first (privileged accounts, device management, update versions), and the practical steps your MSP or in-house IT must take today. This is not fear-selling; it's a call for grown-up identity hygiene. MFA remains essential – but it isn't magic. Treat the app as software, the token as a valuable asset, and your identity controls as infrastructure that must be governed.
Update the app. Verify the versions. Review tokens and sessions. Move high-privilege users toward phishing-resistant authentication. Don't assume automatic updates are proof. Turn the green tick back into an engineered assurance, not a poster on the wall. This episode is a wake-up call for anyone who thought ticking the MFA box was the end of the story.

Tuesday May 19, 2026
When Cybercrime Became a Business: IOCTA 2026 Exposes the Machine
Listen as Noel Bradford – the Small Business Cyber Security Guy – pulls back the curtain on a criminal economy that looks eerily like a legitimate market. The story begins not with a hooded hacker in a basement but with supply chains, service desks, affiliate margins and racks of phones pretending to be people: an industrialised machine that Europol lays bare in IOCTA 2026.
Imagine a landlord who rents lockups to burglars and never asks why everyone arrives at 3am. Now imagine that landlord runs a global network of proxies, bulletproof hosting and sim farms that let criminals create millions of fake accounts, receive one-time codes and vanish with the money. Noel walks you through that rack of 40,000 SIMs and the jaw-dropping scale – 49 million accounts created – and shows how criminal services chain together into a repeatable, low-cost supply model.
He tells the story of the modern ransomware franchise: not a lone crew but brands, affiliate programs and negotiation services, with some gangs offering affiliates 80–85% of ransoms. This isn't cinematic drama – it's commercial logic. Criminals buy speed, scale and plausible deniability; law enforcement chases the velocity gap. AI writes the scams, proxies hide the origin, crypto moves the money, and encrypted platforms slow evidence gathering. The result: a faster, stealthier, more connected threat.
Noel's narrative turns the Europol report into a mirror for small businesses. It's not just about technical fixes – it's about whether the products and certificates you buy actually match the way crime now works. He uses vivid examples (sim farms, DNS abuse, data-leak extortion) to make one blunt point: a backup is crucial, but it doesn't unsend stolen customer lists or unpublish payroll files. Your recovery plan must cover communications, legal, insurers and reputational damage – not only server restore points.
Through sharp, practical storytelling Noel gives you three immediate actions small businesses can do this week: email your IT supplier and ask if they've read IOCTA 2026, audit every SMS-based workflow that handles money or identity, and rethink your ransomware plan around stolen data being published. He frames these as homework, not panic – small, urgent steps that cut through vendor theatre and certificate-shaped comfort.
By the end of the episode you'll see the threat differently: no longer isolated buckets of ransomware or fraud but a joined-up criminal economy exploiting weak identity, cheap infrastructure and slow institutional response. Noel doesn't just warn you – he shows you how to start fixing it, with plain questions to suppliers and concrete checks you can run in a day. This is a wake-up call dressed as a podcast episode: direct, unflinching and built to move small businesses from complacency to grown-up risk management.

Monday May 18, 2026
We Got the Cyber Headline Wrong: The 43% That Isn't What It Seems
The 43% Cyber Attack Statistic: Are We Being Sold Fear?
Every spring, the UK government drops a cyber statistic that makes headlines, fills vendor slide decks, and gives nervous business owners another reason to stare bleakly into their coffee. The claim? Around 43% of UK businesses suffered a cyber breach or attack last year.
Sounds terrifying, doesn't it?
Except there is a problem. A bloody big one.
The methodology counts phishing emails as breaches even when nobody clicked, nobody engaged, and nothing happened. In other words, your business could block thousands of dodgy emails, suffer no damage, lose no money, and still get swept into the headline figure.
Buried deeper in the same government report is a far more useful number.
In this episode, the team pulls apart ten years of survey data and asks an uncomfortable question: who benefits when cyber risk gets inflated? Government comms teams get a stronger headline. Vendors get better scare copy. Compliance theatre gets another curtain call. Meanwhile, small businesses are left wondering whether they are genuinely at risk or just being sold another steaming plate of fear.
We also admit something important. We fell for the 43% number ourselves two weeks ago. So this episode is not just a takedown. It is a correction.
What should a 20 person business actually do with this information? Ignore cyber risk? Absolutely not. Panic buy another shiny security product because someone waved a big scary percentage at you? Also no.
The answer sits somewhere far more useful: understand the real risk, ask better questions, spend money where it matters, and stop letting fear based marketing write your security strategy.

Sunday May 17, 2026
Private Life on Display: How Endpoint Compromise Exposed a Celebrity
The Celebrity Stalkerware Leak: Not Encryption, Endpoint Compromise
In late April 2026, headlines screamed about 86,000 private screenshots leaked from a prominent European celebrity's phone. The story dominated tech press coverage, but crucial context went missing. This was not hackers breaking encryption or sophisticated cyber warfare. It was endpoint compromise: stalkerware capturing screenshots directly from a device after messages had already been decrypted on screen. The database, allegedly linked to the collapsed Cocospy spyware ecosystem, contained WhatsApp chats, Instagram activity, invoices, intimate images and more. Whilst the core reporting appears sound, the framing obscured important truths. A VPN would not have stopped this attack. Encrypted messaging apps could not protect against malware already installed locally. And beneath the sensational headlines lies a grim pattern: commercial spyware marketed as parental monitoring or employee oversight, repeatedly exposed in breaches that reveal its real use in coercive control and domestic abuse. This episode unpacks what actually happened, why the technical details matter, and why we need to stop calling this surveillance software anything other than what it is.
Chapters
- Intro
Noel introduces the celebrity stalkerware leak story from April 2026, cutting through sensational headlines to frame what this incident actually was: endpoint compromise, not encryption failure.
- What The Story Claimed
Breaking down the original ExpressVPN report by researcher Jeremiah Fowler, which detailed 86,859 screenshots from a celebrity's device, including encrypted app content, intimate images and personal data.
- This Was Not Breaking Encryption
Clarifying the critical technical misunderstanding: the spyware did not crack WhatsApp or Signal encryption. It simply captured screenshots after messages were already decrypted and displayed on screen.
- The Cocospy Bit
Unpacking the Cocospy connection. The spyware ecosystem collapsed in 2025 after a massive breach, but leftover infrastructure appears linked to this incident, which targeted one victim rather than millions.
- The VPN Problem
Addressing the uncomfortable commercial context: the story appeared on ExpressVPN's blog, yet a VPN would not have prevented this attack. Transparency and vendor-owned media ecosystems matter in security reporting.
- The Bigger Issue Nobody Talks About
The depressing normalisation of stalkerware. Marketed as parental monitoring, these tools repeatedly surface in breaches exposing their use in coercive control and domestic abuse, not legitimate oversight.
- Outro
Final verdict: the core story appears accurate, but framing matters. This was endpoint compromise, not encryption failure. And the industry should stop euphemising commercial spyware designed for abuse.

Saturday May 16, 2026
Yellowkey Exposed: Why BitLocker 'On' Isn't Enough
Noel Bradford delivers a direct examination of YellowKey, the reported BitLocker bypass that exploits the Windows Recovery Environment on TPM-only configurations.
This episode strips away vendor comfort narratives and green-tick dashboards to focus on what default encryption settings actually protect against when a laptop is stolen or accessed physically.
He explains how YellowKey targets trusted recovery paths rather than breaking encryption mathematics, why TPM-only BitLocker represents a convenience trade-off rather than maximum assurance, and how businesses confuse enabled controls with proven protection.
The episode provides practical guidance on identifying high-risk devices, reviewing BitLocker protectors, implementing TPM plus PIN where appropriate, locking firmware settings, restricting USB storage, and properly escrowing recovery keys.
The episode argues that physical access remains a normal business risk through stolen laptops, lost devices, and compromised bags, not merely a theoretical attack scenario.
The episode challenges boards and decision-makers to move beyond checkbox assurance and ask what their laptop security actually proves under adversarial conditions.

Friday May 15, 2026
They said the fine was £828,000 in some headlines – the ICO said £963,900. Numbers matter, but the real scandal is deeper than a headline figure: this is about trust, monopoly, and a regulator that finally acted. In this episode the Small Business Cybersecurity Guide tells the story of how a single phishing email in September 2020 became a twenty-month lodger inside a utility network, and how a monopoly provider of an essential service left hundreds of thousands of people exposed.
It starts small: a malicious attachment, a foothold, then complacency. For almost two years the attacker lived in the estate, quiet and unseen, until May 2022 when they began a methodical campaign of lateral movement and privilege escalation. By July they held domain administrator access – the keys to the kingdom. They weren't stealthy ninjas; they were guests who moved in, opened the cupboards, and helped themselves.
Detection? Not artisanal monitoring or heroic threat hunting. It was system performance degradation – the IT equivalent of noticing the house is on fire because the TV has melted. The compromise produced a failed ransom demand and, eventually, a dump of more than four terabytes of stolen data on the dark web: names, addresses, emails, dates of birth, phone numbers, account details, bank sort codes, service credentials and even information that could infer disability status for priority customers. 633,887 UK people were affected.
The ICO's findings are the part that should make every director and IT lead sit up. This wasn't a story of exotic attack techniques – it was a catalogue of basic control failures: outdated software (Windows Server 2003 in a live environment), inadequate logging and monitoring, weak vulnerability management, no meaningful scans for long periods, and a third-party SOC only watching 5% of the estate. That is not coverage; it's a comfort blanket.
Hear the frustration and the anger: when customers can't vote with their feet, protecting their data isn't optional. This episode pushes past corporate press releases and settlements to ask what really matters – the people. What does this exposure mean for vulnerable customers, staff, and anyone who trusted a critical service provider to keep their information safe?
Then the episode turns outward with hard lessons every organisation must learn. Know your estate – you cannot protect what you cannot see. Retire legacy systems properly. Enforce least privilege so domain admin access is exceptional, not daily. Monitor the entire environment, not a token slice. Scan, patch, remediate. Test your incident response and your communications before chaos forces you to explain to frightened customers what happened to their data.
Above all, this is a governance failure. Cybersecurity isn't just an IT problem or a checkbox for audit season – it's board-level risk management. The board must own the risk, demand evidence, and stop hiding behind vendor portals and PDFs that mean nothing in a crisis. The episode pulls no punches: if you haven't modelled the cost of a breach, you've found the root problem.
The ICO finally acted – good. But the real question the episode leaves listeners with is uncomfortable and direct: if the regulator walked into your business tomorrow, what could you actually prove? This is a wake-up call to utilities, regulated sectors and every UK business. Basic controls, evidence, and leadership matter. If you wait for criminals, regulators or journalists to force the issue, you'll have bought a public kicking on credit.
Listen as the Small Business Cybersecurity Guide blends forensic detail, sharp critique and practical advice to turn a headline into a blueprint: how to stop being the next story. – Noel Bradford

Wednesday May 13, 2026
Patch Tuesday May 2026 – 4 Fixes That Matter to Every UK Small Business
It's that time of the month: Patch Tuesday. The headlines shout 137 CVEs and a perfect 10.0 somewhere in the noise, but this episode narrows the story down from global panic to what actually matters for a small business with a server room, a handful of laptops, and a CEO who needs to log in on Monday morning.
I'm Graham Falkner and in this edition of the Small Business Cyber Security Guy I walk you into the trenches of May 2026's update cycle – the numbers, the new role AI is playing in vulnerability hunting, and the four bugs you can't ignore. I tell the story of how an unpatched domain controller can become the pivot point for a full-blown takeover (think Zero Logon's ghost), why every Windows endpoint's DNS client suddenly matters again, and how an Atlassian single sign-on plugin could let an attacker impersonate any user. These aren't abstract CVEs on a spreadsheet; they're concrete threats with reachable fixes.
You'll hear exactly what to do, in the order to do it: find and patch on-prem domain controllers in the next 48 hours (NetLogon – CVE-2026-41089, KBs by Windows Server version), push a small test ring for endpoint updates and watch for BitLocker recovery prompts (CVE-2026-41096), and treat on-prem Dynamics 365 and Atlassian SSO as high-priority if you run them locally. I give the KB numbers, realistic time estimates – an hour per domain controller – and a no-hype deployment schedule that keeps your business running while you secure it.
The narrative also walks through an operational snag that will catch teams off guard: some devices may prompt for a BitLocker recovery key after reboot. I explain the three pre-deployment checks to prevent a CEO-level outage (adjust a TPM group policy, verify where recovery keys live, and reapply baselines later), and why you should demand a plan from your MSP before they push updates.
Along the way I bust headlines that distract – the CVE-2026-42826 "Perfect 10" in Azure DevOps is already mitigated by Microsoft, so there's no customer action – and remind you that other vendors patched too: Adobe, SAP, AMD, Apple. Patch week is not a one-vendor event.
By the end of the episode you'll have a simple, prioritized checklist you can act on this week: identify DCs and patch them now, test endpoints tomorrow, roll out by week's end, and verify Atlassian plugins separately. This is a story about practical choices under pressure – stop chasing every headline and start fixing what can actually hurt your business.

Monday May 11, 2026
The £10k False Economy: When Cheap IT Becomes Your Biggest Liability
It starts with a tempting spreadsheet: 25 staff, a cheaper IT quote that shaves £35 per user off the bill – £10,500 a year saved, instantly seductive. Noel Bradford and Mauven MacLeod open this episode by turning that neat number upside down and asking the one question every business owner should be able to answer: what exactly has been removed from the service to make that price possible?
They walk you through a story many business owners will recognise – a colourful LinkedIn pitch that sells confidence and hides compromises. The cheap provider isn't performing miracles; they're quietly cutting controls: enforced MFA, disciplined patching, active monitoring, behaviour-based endpoint defence, security training, incident response and documented processes. Those missing pieces turn an attractive short-term saving into a long-term gamble.
Noel and Mauven do the arithmetic and show you the cold UK data: the DCIT survey found 43% of UK businesses suffered an incident in 2024, phishing hit 85% and even a 1% ransomware prevalence still means roughly 19,000 organisations were devastated. The average materially costly breach ran to about £8,260 in 2025 – already eclipsing that supposed annual IT saving – and real-world downtime, lost orders and reputational damage can push costs far higher.
They then lift the curtain on what a security-first MSP actually spends on the plumbing: remote monitoring, EDR, DNS filtering, email protection, application control, backups, SOC monitoring, documentation and professional tooling. Strip it down honestly and the true cost lands well above fantasy bargains – industry reality makes anything under roughly £50 per user per month alarming, and in London nearer £75.
Cyber insurance isn't a free pass. Uptake has risen, but so have denials: missing MFA, poor patch evidence, misrepresented controls and late reporting regularly void claims. Insurers now demand proof – logs, timestamps and documented processes – and bargain providers rarely collect or produce that evidence. The result: a denied claim when you most need a payout.
Ransomware is the horror story that pulls everything together. Usually seeded through phishing and unpatched systems, ransom incidents produce recovery costs that dwarf the payment demand. Noel and Mauven explain why the ransom is only the opening act – downtime, forensics, legal costs, client fallout and reconstruction push many small firms to the brink.
Regulators make the stakes worse. ICO fines and tougher technical expectations mean that skimping on controls isn't just reckless, it can be an aggravating factor in enforcement. The cheapest IT quote won't be an excuse in front of a regulator or in the aftermath of a client data breach.
The episode ends with practical, plain-English advice: seven questions every business should ask their provider about certification, enforced MFA, patching, EDR, proactive monitoring, incident response and insurance compliance. The message is simple – don't buy the smallest number on a spreadsheet without understanding what you've agreed to carry. Spend wisely, not blindly.