The Small Business Cyber Security Guy

Host Noel Bradford teams up with cybersecurity experts to deliver essential tech insights for UK small businesses and consumers. Cutting through jargon with wit and authority, each episode tackles real-world cyber threats, updates, and digital security challenges that actually matter to your business. From patch management to data protection, get actionable advice that doesn't require a computer science degree. Where cybersecurity meets practicality.

  1. 5 DAYS AGO

    The Shocking Truth About What Actually Works in Small Business Cybersecurity

    After 17 episodes covering everything from basic password security to nation-state threats targeting corner shops, Noel and Mauven reveal what actually works, what consistently fails, and why most businesses are fighting 2019 threats with 2015 thinking while facing 2025 attack methods.

    🎯 Shocking Revelations:

    - 42% of business applications are unauthorised Shadow IT - Your parallel digital infrastructure you never knew existed
    - Multi-factor authentication stops 90% of credential attacks - Yet businesses still resist this free silver bullet
    - AI systems now write custom malware faster than humans can patch - Deepfakes fool CEOs, psychological manipulation targets individuals
    - Supply chain attacks make YOU liable for everyone - Protecting clients, suppliers, and partners becomes your responsibility
    - Most successful attacks still exploit basic failures - Unpatched systems, weak passwords, untested backups

    🔥 Real Listener Questions Answered:

    - "My IT budget is three pounds fifty and digestives - how do I justify £8/month for security?"
    - "Staff revolt against MFA - how do I implement without workplace mutiny?"
    - "Found 17 project management tools in use - how do I consolidate without chaos?"
    - "Completely overwhelmed by 17 episodes - where do I actually start?"
    - "Client angry about payment verification - how do I explain without damaging relationships?"

    ⚡ What Actually Works: Systematic thinking over panic-buying security products, modern endpoint protection with AI detection, verification procedures that defeat deepfakes, documentation that survives when Dave from IT leaves, regular testing cycles, and risk-based prioritisation focusing on high-impact areas first.

    💥 What Consistently Fails: "Set it and forget it" security measures, relying on users to spot sophisticated AI-crafted threats, compliance theatre without genuine implementation, single-solution approaches, the "we're too small to be targeted" delusion, and treating cybersecurity as IT-only responsibility.

    🎯 Three Things to Implement Immediately:

    - Enable MFA everywhere - Free protection against 90% of credential attacks
    - Implement payment verification procedures - Call back on known numbers before acting
    - Test your backups regularly - Having backups ≠ having working backups

    🎧 Perfect For: Business owners feeling overwhelmed by cybersecurity complexity, IT managers defending security budgets to sceptical accountants, professionals tired of vendor marketing promising magic solutions, and anyone who thinks antivirus software equals comprehensive security.

    From basic concepts to AI threats - the complete cybersecurity education in one retrospective episode. Subscribe for weekly episodes making enterprise-level security thinking accessible for small business budgets. Real solutions, no vendor fluff, practical advice that actually works in the real world.

    #SmallBusinessSecurity #CyberSecurity #MFA #ShadowIT #AIThreats #CyberEssentials #DataProtection #BusinessSecurity #TechSecurity #CyberDefense

    48 min
  2. 18 AUG

    AI Cyber Threats Target Small Business - insights from DefCon 33 & Black Hat 2025

    🎧 Latest Episode Alert | Fresh intelligence from DefCon 33 reveals how AI-enhanced cyber threats to small business are accelerating rapidly. Techniques demonstrated in Las Vegas are targeting UK businesses within weeks.

    🚨 Critical Cyber Threats to Small Business

    AI-Powered Social Engineering

    - 85% success rates against security professionals
    - AI psychological profiling from social media
    - Voice synthesis for CEO impersonation attacks
    - Multi-month fake identity campaigns

    Supply Chain Cyber Threats

    - Coordinated ecosystem attacks across suppliers
    - AI mapping of business relationships
    - MSP compromises affecting 200+ networks
    - Hardware backdoors surviving firmware updates

    Automated Attack Evolution

    - 6-hour vulnerability-to-exploit timeline
    - 88% evasion of traditional antivirus
    - Custom malware for each target
    - Cybercrime-as-a-Service platforms

    🛡️ Defending Against Modern Cyber Threats

    Immediate Actions (Free)

    - Multi-channel verification for financial requests
    - Independent contact verification procedures
    - Staff training on systematic verification

    Essential Tech Upgrades (£3-8/user/month)

    - AI-powered endpoint protection (Microsoft Defender for Business, CrowdStrike)
    - Network segmentation via modern firewalls
    - Air-gapped backup systems
    - ThreatLocker "Deny All by Default" protection

    Cyber Essentials Framework

    Version 3.2 updates include 14-day critical vulnerability patching, passwordless authentication recognition, and enhanced remote working requirements.

    💼 Business Benefits Beyond Security

    - Better insurance rates
    - Government contract access
    - Supply chain partnership opportunities
    - Competitive advantage demonstration

    🔥 TRENDING & HASHTAGS

    Topics: DefCon 33 findings | AI cyber attacks | Small business vulnerabilities | Supply chain security

    Hashtags: #CyberSecurity #SmallBusiness #DefCon33 #AISecurity #CyberThreats #BusinessProtection #UKBusiness #CyberEssentials #InfoSec #ThreatIntelligence #CyberDefense #BusinessSecurity #SecurityFirst

    🚀 ENGAGEMENT HOOKS

    - 🔥 URGENT: AI attacks now target small businesses within 6 weeks of DefCon demos
    - 💡 FREE defence strategies that stop 85% of social engineering
    - ⚡ Why your antivirus is useless against 2025 threats
    - 🎯 Turn cybersecurity into competitive advantage
    - 👍 LIKE if this helped you understand modern cyber threats
    - 🔔 SUBSCRIBE for weekly threat intelligence
    - 💬 COMMENT your biggest security concern
    - 📤 SHARE with business owners using outdated protection

    🎧 Listen now before these threats target YOUR business! Subscribe for weekly cyber threat intelligence. Share with business owners still using basic antivirus protection against advanced threats.

    47 min
  3. 11 AUG

    When Your Safety Net Becomes the Target

    🚨 Episode 11: When Your Safety Net Becomes the Target

    Backup Security Under Fire + Business Email Compromise Reality Check

    Your backups aren't protecting you anymore—they're the primary target. In this explosive double-header episode, we expose why 94% of ransomware attacks now target backup systems first, and how Business Email Compromise enables these devastating attacks.

    🎯 What You'll Learn:

    - Backup Reality Check: Why "immutable" storage isn't, and cloud sync ≠ backup protection
    - Cloud Provider Truth Bomb: Neither Microsoft nor Google guarantee your data integrity
    - BEC Epidemic: How £35+ billion in global losses connect to backup destruction
    - Modern Attack Chains: Email compromise → reconnaissance → backup annihilation
    - What Actually Works: Third-party solutions, testing reality, budget truths

    💡 Key Takeaways:

    - Only 27% of businesses successfully recover all data after incidents
    - 30-40% of cyber insurance claims denied due to backup inadequacies
    - Proper backup solutions cost £20-100/month, not £500+
    - Process controls beat technical controls for BEC prevention
    - Multi-channel verification saves businesses millions

    🎙️ Hosts & Guests:

    - Noel Bradford - The Small Business Cyber Security Guy
    - Mauven MacLeod - Ex-NCSC Cyber Expert
    - Oliver Sterling - Veteran IT & Cyber Specialist
    - Lucy Harper & Graham Falkner - Announcing The 10-Minute Cyber Fix daily show!

    📺 NEW: The 10-Minute Cyber Fix

    Starting Monday! Daily cybersecurity news analysis with Lucy Harper. Perfect for commute listening—cutting through vendor panic and media hyperbole to deliver what actually matters for YOUR business.

    🔗 Essential Resources:

    - Veeam Ransomware Trends Report 2024 - 94% backup targeting statistics
    - FBI IC3 BEC Report 2023 - £35+ billion global losses
    - Microsoft Online Services Terms - "Commercially reasonable efforts" reality
    - NCSC BEC Guidance - UK government protection advice
    - Action Fraud BEC Statistics - UK-specific loss data
    - Cyber Essentials Scheme - UK government backup guidance
    - Google Cloud Terms of Service - Data responsibility clauses

    💰 Vendor Solutions Mentioned:

    Third-Party Backup: Veeam Backup for Microsoft 365, Druva, Barracuda, Dropsuite, SkyKick

    Key Point: Your cloud provider's backup ISN'T enough—you need independent protection.

    ⚠️ Critical Actions:

    - Implement multi-channel verification for all financial requests
    - Test backup restoration regularly, not just backup completion
    - Deploy third-party backup for cloud services
    - Document procedures that work under pressure
    - Train staff on BEC recognition and response

    🎯 Next Week Preview:

    Advanced Persistent Threats targeting SMBs - How nation-state techniques filter down to everyday criminals. Special guest from UK's Cyber Security Agency.

    📱 Connect With Us:

    - 💼 LinkedIn: Mauven's getting job offers—someone's listening!
    - 📧 Consulting: Real-world security help for small businesses
    - 🎧 Daily Fix: Subscribe for Monday's launch of The 10-Minute Cyber Fix

    ⚖️ Disclaimer: Educational content only. Consult qualified professionals for business-specific advice. Not affiliated with any government agency or vendor.

    🔥 If this episode saved you from a backup disaster or BEC scam, hit subscribe and share with fellow business owners who still think "it's in the cloud" means "it's safe"!

    31 min
  4. 4 AUG

    White House CIO Insights Part 3 - Advanced Threats & AI

    In the final part of our White House CIO Insights series, we explore the cutting-edge AI-powered threats that are transforming cybersecurity. Our special guest Sarah Chen, who heads up AI threat research at a leading UK cybersecurity firm, reveals how artificial intelligence is being weaponized by criminals - and what small businesses can do to defend themselves. From deepfakes that fool CEOs to AI that writes custom malware in real-time, discover why traditional security approaches are failing and what you need to implement today to protect your business against tomorrow's threats.

    What You'll Learn

    - How sophisticated deepfakes are targeting UK businesses right now
    - Why AI-powered social engineering succeeds 30% of the time vs 3% for traditional phishing
    - How criminals are using AI to generate custom malware faster than humans can patch it
    - Practical defenses that work against AI threats without enterprise budgets
    - What the future threat landscape means for small business cybersecurity

    Key Takeaways

    - 🔐 Implement multi-channel verification for all financial transactions and sensitive requests
    - 🔐 Upgrade to AI-powered endpoint protection - traditional antivirus is obsolete
    - 🔐 Train staff on procedures, not threat recognition - create decision trees that work under pressure
    - 🔐 Understand this is ongoing - build adaptive capabilities, not static defences

    Source Attribution

    This episode features insights from Theresa Payton's interview with the Scammer Payback podcast. Theresa served as the first female White House CIO under President George W. Bush and is a leading expert on cybersecurity threats and manipulation campaigns.

    Full Interview: We strongly encourage listening to the complete Theresa Payton interview on Scammer Payback for comprehensive coverage of nation-state threats, deepfakes, and digital privacy strategies.

    About Scammer Payback: Excellent podcast and YouTube channel dedicated to exposing cybercriminal tactics and protecting people from fraud. Essential viewing/listening for anyone interested in cybersecurity.

    Connect With Us

    - 🎧 Subscribe for weekly cybersecurity insights for small business
    - ⭐ Rate & Review - help other business owners find practical security advice
    - 📱 Share with fellow business owners who need to understand AI threats
    - 💬 Comment with your questions about AI security challenges

    What's Next

    Episode 11: Backup Security in the AI Age - When even your recovery procedures need defending against adaptive adversaries

    Coming Soon: Deep dives into email security, mobile security, and building comprehensive security cultures for small business

    Series Information

    This episode completes our White House CIO Insights trilogy:

    - Episode 8: The Threat Landscape Small Business Faces
    - Episode 9: Cyber Essentials - Enterprise Security for Small Business
    - Episode 10: Advanced Threats & AI (this episode)

    Disclaimer: This podcast provides educational information about cybersecurity threats and defenses. Always consult with qualified cybersecurity professionals for specific advice about your business security needs.

    Copyright: © 2025 The Small Business Cyber Security Guy Podcast. All rights reserved.

    46 min
  5. The UK Government's Ransomware Gambit: Why Your SMB Just Became a Bigger Target

    1 AUG · BONUS

    UK Ransomware Ban: Why Your SMB Just Became a Bigger Target

    Show: The Small Business Cyber Security Guy Hot Take
    Hosts: Graham Falkner & Noel Bradford
    Episode Length: 7:30
    Category: Business, Technology

    Episode Description

    The UK Government just dropped the most aggressive ransomware policy in the world - and it's about to make your small business a much more attractive target for criminals. Join Graham and Noel as they break down the three shocking proposals that will reshape cyber threats for every British business by 2026.

    What You'll Learn:

    - Why 72% of consultation respondents backed payment bans despite industry panic
    - How the "essential supplier" loophole could snare thousands of unsuspecting SMBs
    - The brutal mathematics: £3K prevention vs £300K+ ransomware losses
    - Why Cyber Essentials is about to become a business survival tool, not just compliance

    Key Takeaway: With criminals pivoting from locked-down public sector to easier SMB prey, you have 18 months to get your cyber house in order. Don't wait - the attack frequency is about to explode.

    Key Statistics

    - 72% Consultation support for payment ban
    - £1B Global ransomware payments in 2023
    - 80% Attack reduction with Cyber Essentials
    - 18 Months to prepare before 2026

    Key Topics

    Government Ransomware Proposals

    - Payment bans for public sector and CNI (no exceptions)
    - Mandatory 72-hour incident reporting for all sectors
    - Government pre-approval required for private sector payments
    - Implementation timeline: Late 2026 (if passed)

    The SMB Target Shift

    - Global ransomware payments: $1 billion in 2023
    - UK victims doubled on leak sites since 2022
    - Attack displacement from public sector to private SMBs
    - Volume strategy: 40 SMBs at £50K vs 1 NHS trust at £2M

    Cyber Essentials Reality Check

    - 68% reduction in successful ransomware attacks
    - Five controls that actually work (when implemented properly)
    - Insurance discounts becoming business necessity
    - "Badges don't stop hackers, controls do"

    Insurance Market Transformation

    - Premium increases of 25-50% over next two years
    - Claims denials for businesses without proper controls
    - CE certification shifting from discount to baseline requirement

    Real-World Case Studies:

    - Post-ransom betrayal: Attackers left backdoors, insurance refused payout
    - Lost government contract: SMB couldn't prove basic cyber hygiene after small breach
    - Regulatory tag scenario: Sourdough bakery subject to cyber law for prison deliveries

    Action Items

    Immediate (Next 30 Days)

    - Map CNI/public sector client relationships
    - Assess potential supply chain compliance exposure
    - Calculate business-specific ransomware impact costs
    - Review current cyber insurance coverage terms

    Short-term (90 Days)

    - Begin Cyber Essentials certification process
    - Implement five core security controls properly
    - Establish professional security response relationships
    - Test backup and recovery procedures monthly

    Strategic (18 Months)

    - Prepare for potential "essential supplier" designation
    - Budget for insurance premium increases
    - Develop incident response and crisis communication plans
    - Create alternative business operation procedures

    Blog Post: The UK Government's Ransomware Gambit: Why Your SMB Just Became a Bigger Target

    Related Episodes

    - Episode 2: "Compliance Theatre vs Real Security"
    - Episode 6: "Supply Chain Security: Your Weakest Link"

    Rate and Review: Help other SMB owners discover critical cyber security insights by rating this episode on Spotify, Apple Podcasts, or your preferred platform.

    Questions? Email: hello@thesmallbusinesscybersecurityguy.co.uk Website: www.thesmallbusinesscybersecurityguy.co.uk

    Episode Credits

    - Hosts: Graham Falkner, Noel Bradford
    - Production: The Small Business Cyber Security Guy
    - Copyright: © 2025 The Small Business Cyber Security Guy. All rights reserved.

    Content for educational purposes. Consult cybersecurity professionals for specific business advice.

    8 min
  6. Help Desk MFA Reset Fails: Scattered Spider vs. UK Retail

    31 JUL · BONUS

    Episode Description

    Join Noel Bradford and Graham Falkner for another cybersecurity hot take as they dive into the alarming world of help desk social engineering attacks. This episode exposes how the notorious Scattered Spider group has weaponized basic human helpfulness to devastating effect, turning your friendly IT support into the front door for ransomware attacks.

    From MGM's $100 million disaster to the recent wave of UK retail breaches (M&S, Co-op, Harrods), discover how teenagers armed with nothing more than convincing accents and sob stories are outsmarting million-pound security systems. Spoiler alert: it's not the tech that's failing us.

    Key topics

    - The Scattered Spider Phenomenon: Meet the English-speaking teenagers who graduated from Roblox to ransomware
    - Help Desk Horror Stories: Why your MFA reset process is probably easier than ordering a dodgy kebab
    - The MGM Masterclass: How one phone call led to 10 days of casino chaos
    - UK Retail Ransomware Wave: The domino effect that took down half the high street
    - Sandra's 3AM Security Failures: Why verification questions like "favourite biscuit" aren't cutting it
    - Real Solutions That Actually Work: Beyond useless training modules to proper phishing-resistant MFA

    Notable Quotes

    - "You can get your entire digital life reset with less hassle than ordering a dodgy kebab after the pub."
    - "The help desk culture these days - it's like the Wild West, but with more hold music and less gunfire."
    - "If your help desk can be outwitted by someone who sounds like they're late for a Fortnite tournament, you've got bigger problems than patching Windows."
    - "It's not hacking, it's just really, really good acting."

    What You'll Learn

    - How Scattered Spider targets help desk processes with surgical precision
    - Why traditional security questions are laughably inadequate
    - The real-world impact of social engineering attacks on major retailers
    - Practical defenses that actually work (hint: it's not more training)
    - Why your business might be the stepping stone, not the target

    Solutions Discussed

    - Video verification for all MFA resets
    - Phishing-resistant MFA (FIDO2 keys, smart cards, PKI certificates)
    - Proper RMM tool controls with device whitelisting and geographic restrictions
    - Zero unauthenticated resets policy
    - Monitoring for unusual authentication patterns

    Episode Highlights

    - The career trajectory from Minecraft to MGM hacking
    - Why "favourite colour" security questions are a disaster waiting to happen
    - The proposed "angry Scottish nans verification panel" security policy
    - The legendary cat impression MFA reset incident
    - How one help desk call can ransomware half the high street

    Perfect For

    - Small business owners worried about cybersecurity
    - IT professionals dealing with help desk security
    - Anyone who's ever reset a password over the phone
    - Security-conscious listeners who enjoy a good dose of British humor with their cyber threats

    #Cybersecurity #ScatteredSpider #Ransomware #SocialEngineering #HelpDesk #MFA #UKRetail #MGM #SmallBusiness #InfoSec #PhishingResistant #SecurityAwareness

    Remember: Security isn't about being perfect, it's about being better than the bloke next door. Don't let Sandra near the reset button after midnight!

    See - https://www.noelbradford.com/blog/scattered-spider-helpdesk-mfa-reset-attack-warning-uk-2025

    8 min
  7. Orwell was right - Big Brother is Watching just 41 year late - UK Online Protection Act is here!

    29 JUL · BONUS

    1984 is here! Just 41 years late - Big Brother is watching and censorship is increasing. The UK's Online Safety Act went live July 25th, 2025. VPN usage exploded 1,400% overnight. Teenagers are using PlayStation screenshots to bypass age verification. Join Noel Bradford and Mauven MacLeod for an emergency breakdown of Britain's most expensive digital policy failure and why every tech-savvy teen is already laughing at it.

    Warning: Contains passionate commentary about government digital policy

    The Spectacular Failure (0:00-4:00)

    - ProtonVPN's 1,400% UK signup surge in 48 hours
    - Death Stranding character defeats government AI systems
    - Why teenagers always win the circumvention game
    - Digital cavity searches for legal content access

    The Authoritarian Agenda (4:00-7:00)

    - Pattern of moral panics from rock music to the internet
    - Surveillance infrastructure outlasts the panic that created it
    - Ministers' unprecedented power to designate "harmful" content
    - International platforms blocking UK users entirely

    The VPN Danger Zone (7:00-10:00)

    - Millions of non-tech users suddenly need VPN services
    - How to avoid data harvesting and malware traps
    - Red flags in free VPN services
    - Recommended providers with proven track records

    The Bottom Line (10:00-12:00)

    - Why this was never about protecting children
    - Essential digital literacy in the circumvention era
    - The only rational response to broken digital policy
    - 1,400% increase in VPN signups within hours of enforcement
    - Over 280,000 signatures on petition to repeal the Act
    - 6+ years from conception to failure by video game screenshots
    - Zero responses from some platforms to compliance requirements

    11 min
  8. 28 JUL

    Cyber Essentials - White House Security Principles for UK Small Business

    Part 2 of White House CIO Insights Series | ~38 minutes

    How do you implement White House-level security without White House-level budgets? Building on insights from former White House CIO Theresa Payton's interview with Scammer Payback, Noel and Mauven explore the UK's Cyber Essentials framework - translating enterprise security principles into achievable small business requirements.

    The Five Cyber Essentials Controls:

    - Boundary Firewalls - Your digital perimeter defense
    - Secure Configuration - Closing manufacturer security gaps
    - Access Control & MFA - 90% credential attack prevention
    - Malware Protection - Beyond traditional antivirus
    - Security Update Management - Systematic patching

    Key Takeaways:

    - Real implementation costs (£300+VAT basic certification, 2-4 weeks setup)
    - Business benefits: insurance discounts, government contracts, supply chain compliance
    - Why CE stops 80% of attacks targeting 80% of small businesses
    - When you need more than basic frameworks

    Featured Content: Audio clips from Theresa Payton interview courtesy of Scammer Payback Podcast

    - Building safety standards for cybersecurity
    - MFA stopping 90% of credential attacks
    - Systematic security thinking

    Highly recommend the full Theresa Payton interview on Scammer Payback - covers nation-state threats, manipulation campaigns, deepfakes, and digital privacy. Essential cybersecurity listening.

    Take Action This Week:

    - Start Cyber Essentials self-assessment
    - Enable multi-factor authentication everywhere
    - Audit your third-party vendor list

    Resources:

    - NCSC Cyber Essentials Scheme: ncsc.gov.uk/cyberessentials
    - Self-Assessment Portal: cyberessentials.ncsc.gov.uk
    - Scammer Payback Podcast - Subscribe
    - "Manipulated" by Theresa Payton - Buy

    Next Episode: Advanced Threats & AI

    The final White House CIO series episode tackles threats that challenge enterprise security teams: AI-powered attacks, executive-fooling deepfakes, and psychological social engineering.

    Subscribe & Review | Share with business owners who think cybersecurity requires unlimited budgets | Special thanks to Daniel and Scammer Payback team

    From White House situation rooms to your actual situation.

    42 min
