The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups

The Small Business Cyber Security Guy
  • 0.0 (0)
  • MANAGEMENT
  • UPDATED WEEKLY

The UK's leading small business cybersecurity podcast, helping SMEs protect against cyber threats without breaking the bank. Join cybersecurity veterans Noel Bradford (CIO at Boutique Security First MSP) and Mauven MacLeod (ex-UK Government Cyber Analyst) as they translate enterprise-level security expertise into practical, affordable solutions for UK small businesses. 🎯 WHAT YOU'LL LEARN: Cyber Essentials certification guidance Protecting against ransomware & phishing attacks GDPR compliance for small businesses Supply chain & third-party security risks Cloud security & remote work protection Budget-friendly cybersecurity tools & strategies 🏆 PERFECT FOR: UK small business owners (5-50 employees) Startup founders & entrepreneurs SME managers responsible for IT security Professional services firms Anyone wanting practical cyber protection advice Every episode delivers actionable cybersecurity advice that you can implement immediately, featuring real UK case studies

  1. 3D AGO

    Security Theatre Exposed — Passkeys, the CISA Leak, and the Hidden Value in Your Cyber Insurance

    In this urgent episode of The Small Business Cybersecurity Guide, hosts Noel Bradford, Mauven McLeod and Graham Faulkner bring together three experts to answer one question: why you’re doing security wrong and what practical steps will actually protect your business. We cover four pressing, unconnected problems that share the same root cause — a massive gap between perceived and real security. Dr. Sarah Chen explains passkeys in plain English: how they remove the shared secret that makes passwords vulnerable, why they defeat phishing, credential stuffing and most brute-force attacks, and exactly how small businesses should pilot them this week. She outlines a three-step rollout (check your identity platform, pilot with five users, support them through setup), recovery and accessibility considerations, device and cost guidance, and the measurable benefits — including dramatically fewer password reset tickets. Former US government cyber analyst Corinne Jefferson unpacks the CISA ChatGPT incident, where the acting director uploaded sensitive government contracting documents to public ChatGPT despite an approved internal alternative. Corinne explains how exceptions become normalized, why convenience often defeats policy, how this damages security culture, and what organizations should do: enforce technical controls, require documented risk assessments for privileged exceptions, and ensure detection is coupled with a consistent response regardless of who triggers the alert. Seamus O’Leary shares a practical small-business win: after realising he’d never introduced himself to his insurer’s incident response team, he discovered £18,000+ of pre-incident services already included in his cyber policy — IR plan templates, tabletop exercises, forensics retainers, quarterly scans and a 24/7 breach hotline. The episode walks through the five-week process he used to onboard the insurer’s IR team, fix gaps, run a tabletop, uncover critical weaknesses (unverified backups, unclear ransomware authority, GDPR notification issues) and win board-level funding to replace vulnerable infrastructure. Noel and the team close with a structural look at cloud sovereignty and vendor concentration: why relying on US cloud providers (AWS, Azure, Google) creates real legal and operational risk regardless of where data is physically stored, how the Cloud Act and post‑Schrems II rules change transfer obligations, and practical mitigation options — encryption with external key control, transfer impact assessments, supplementary measures, vendor diversification and multi‑cloud planning. Key takeaways for listeners: enable and pilot passkeys to eliminate credential-based attacks; enforce technical controls and documented approvals so seniority doesn’t become an exception to security; call your insurer’s IR contacts and use the services you’ve already paid for; treat cloud region selection as latency choice, not legal sovereignty, and perform real transfer impact assessments and mitigation. The episode mixes concrete how-to steps, governance advice, and real-world examples — from phishing-defeating authentication to saving thousands by activating policy services — all aimed at helping small businesses turn security theatre into dependable protection.

    43 min

  2. JAN 19

    Who’s in Charge When Ransomware Hits? Building Your Incident Response Team

    In this episode of Small Business Cybersecurity Guy, hosts Mauven MacLeod, Noel Bradford and Graham Falkner walk you through Module One of their six-part incident response plan series: building your response team. Through the real-world Katie Roberts case study (name changed), they show why independence matters when a breach hits — and how an unbiased incident manager can quickly uncover the truth, coordinate response, and save a business from far worse outcomes.   Topics covered include the four core incident roles (external incident manager, technical lead, business continuity coordinator, communications lead), how to find and contract an external IM (insurance, IT referrals, retainer vs pay-per-incident), what an IM can and cannot do, authority and spending limits, and realistic costs and timelines. The hosts explain a simple, achievable four-week setup plan that takes roughly four hours of actual work, and they share templates for team structure, external contacts, authority scripts, implementation timelines, and validation checklists.   Key points and takeaways: why impartial coordination matters, how to avoid common provider cover-up biases, the practical steps Katie used to stabilise her business, a real case study of an architecture firm saved from a Friday-afternoon ransomware attack, and concrete homework: find your IM, assign three internal roles, document everything on a single page, brief and validate your team. Listeners will leave with a clear, actionable plan, links to downloadable templates, and the promise that preparation reduces cost, stress, and downtime.

    31 min

  3. JAN 14 · BONUS

    114 Updates, 1 Active Exploit — January Patch Tuesday: Patch Today or Pay Tomorrow

    Hosted by Graham Falkner, this episode is a rapid, no‑nonsense January Patch Tuesday breakdown aimed at small businesses and IT owners. Graham walks listeners through Microsoft’s unusually large release of 114 security updates, explains the essential jargon (CVE and CVSS), and highlights why severity scores don’t replace real‑world risk assessments. The show covers the one vulnerability already being actively exploited (CVE‑2026‑2805 in Desktop Window Manager) and two other high‑risk items used in targeted attacks, plus three zero‑day bugs. Graham takes a deep dive into the critical on‑premises SharePoint emergency (Toolshell campaign, CVE‑2025‑53‑700‑70 and related issues), urging immediate patching and incident response for exposed servers. He also explains the severe Kestrel/ASP.NET Core HTTP request smuggling flaw (CVE‑2025‑55315) and the practical impact on web apps and deployment teams. The episode reviews other major vendor fixes: SAP’s 16 security updates (including four critical vulnerabilities), Apple’s two WebKit zero days, Adobe’s 32 patches (eight critical affecting Acrobat, Reader and creative apps), HPE OneView’s unauthenticated RCE (CVE‑2025‑37164), and ongoing VMware ESXi risks. Graham calls out long‑delayed Fortinet SSL‑VPN vulnerabilities (including CVE‑2020‑12812) and newer FortiCloud SSO bypasses, stressing that overdue patching still causes widespread compromises. Practical guidance and priorities are clear and actionable: patch Windows cumulative updates, exposed SharePoint servers, Fortinet edge devices and HPE OneView within 24 hours; address .NET/web app fixes and SAP critical patches within the next 72 hours to one week; then continue with routine maintenance for browsers, Adobe, Cisco and other software. The episode also flags upcoming deadlines and logistics—Oracle’s critical patch update on January 20 and the end of Windows 10 support—so listeners can plan maintenance windows and migrations. Key takeaways: assume compromise if you haven’t patched exposed services, verify systems after applying updates, assign owners who can patch and redeploy quickly, and treat cumulative Windows updates as all‑or‑nothing. There are no external guests—this episode is hosted solo by Graham Faulkner and aimed at helping small organizations act fast and reduce risk in the wake of an intense Patch Tuesday.

    10 min

  4. JAN 12

    UK Government Admits Cyber Chaos — 28% of Systems ‘Cannot Be Defended’: What SMBs Need to Know

    In this episode of the Small Business Cybersecurity Guy, host Noel Bradford is joined by Mauven McLeod and Graham Falkner to unpack the Cabinet Office’s January 2026 Government Cyber Action Plan — a blunt, 100‑page admission that the UK government’s cybersecurity posture is “critically high” risk and that many of its own targets are unachievable. The trio break down the report’s headline findings, case studies of high‑profile failures, and why this matters to you even if you’ve never worked with government. Key revelations from the Plan covered in the episode include: roughly 28% of government IT is legacy and cannot be defended with modern tools; repeated systemic failures across departments (poor patching, weak passwords, lack of monitoring); high‑cost incidents such as the British Library ransomware recovery and the CrowdStrike outage that cost the UK economy billions; and the Electoral Commission breach that exposed millions of voter records. The hosts explain the language the report uses — from “historical underinvestment” to “not achievable” targets — and what those admissions mean in plain English. The episode also examines the Cabinet Office’s proposed response: new accountability rules giving accounting officers (permanent secretaries) personal responsibility for cyber risk, routine cyber risk reporting to boards, escalation mechanisms, and potential consequences including removal or public parliamentary scrutiny. The hosts discuss how this mirrors the health & safety/HSE accountability model and why public‑sector reform will likely set the precedent for private‑sector regulation (including implications of forthcoming cyber security and resilience legislation). Financing and timelines are analysed too: the government has allocated around £210 million to kickstart a central cyber transformation unit with milestones through 2029, but the hosts stress this is a down payment — true remediation will take years and likely billions. The Plan’s investment priorities (visibility/monitoring, accountability, supply‑chain assurance, incident response and skills) form a checklist for businesses to adopt now. Supply‑chain requirements are a central takeaway: departments will require security schedules, certification (Cyber Essentials, Cyber Essentials Plus, ISO 27001 where appropriate), and documented evidence of controls. These requirements will cascade down through primes to second‑ and third‑tier suppliers, so small businesses should expect tightened demands for proof of security and that compliance will become a competitive advantage. The hosts finish with practical, actionable advice for small businesses: treat cyber risk as board‑level risk; establish personal accountability and clear escalation; prioritise visibility and monitoring; inventory and pragmatically manage legacy systems; obtain appropriate certifications (Cyber Essentials Plus, ISO etc.) if you have or might have public‑sector exposure; segregate and protect government work; build or improve incident response capability; and use this moment to push cultural change so security is embedded across the organisation. Throughout the episode Noel, Mauven and Graham provide candid analysis, real examples from recent government failures, and specific steps SMBs can take now to reduce risk and gain a competitive edge as regulation and procurement expectations tighten. Listeners are pointed to the full Government Cyber Action Plan on gov.uk and the podcast blog for a detailed breakdown and sources.

    27 min

  5. JAN 5

    When MFA Isn’t Enough: Inside Adversary‑in‑the‑Middle Attacks

    In this episode Mauven McLeod and Graham Faulkner (with Noel Bradford joining partway through) unpack a worrying trend: adversary‑in‑the‑middle (AITM) attacks that steal session tokens and completely bypass conventional multi‑factor authentication (MFA). Using Microsoft’s recent telemetry (a 146% jump in AITM incidents) as a backdrop, they explain how transparent proxy phishing pages relay credentials and MFA approvals to capture session tokens and gain hours of unrestricted access to Microsoft 365 accounts. The hosts explain, in plain technical terms, why SMS codes, authenticator app push prompts and one‑time codes fail against these attacks and why the stolen session token becomes a single‑factor credential for attackers. They describe what attackers typically do after compromise — mailbox reconnaissance, forwarding rules, OAuth app persistence, and registering new authentication methods — and highlight the scale of automated phishing‑as‑a‑service tools that make these attacks cheap and fast. The episode then walks through the practical, phishing‑resistant solutions every small business should consider: Windows Hello for Business, hardware security keys (YubiKey, Authentrend and similar), and passkeys on mobile devices. For each option they cover how it works, deployment requirements, licensing or purchase costs, user experience trade‑offs, and which users to prioritize for rollout. Mauven and Graham recommend a tiered, risk‑based rollout strategy: protect admin and privileged accounts first, then finance/HR/executives, and finally the wider workforce over months. They discuss real‑world gotchas — legacy apps that don’t support modern auth, BYOD complications, mobile workflows, and the need for a secured “break glass” account — plus expected labour, training and hardware costs for a typical 30‑user small business. Beyond replacing or upgrading MFA, the hosts cover essential complementary controls: conditional access policies, continuous access evaluation (CAE) to shorten token windows, blocking legacy authentication (SMTP/IMAP/POP), impossible‑travel detection, and concrete incident response steps (revoking sessions, removing rogue MFA methods and OAuth apps, checking forwarding rules and mailbox rules, and doing forensics on accessed data). The episode closes with an immediate to‑do list for small businesses: verify MFA is actually enabled, remove SMS/email MFA methods, plan a phishing‑resistant rollout starting with tier‑1 users, enable conditional access and CAE, and budget for training and support. They also preview an upcoming multi‑episode series to help businesses build a practical incident response plan. Listeners can expect a technically grounded but actionable discussion aimed at business owners and IT staff: why traditional MFA is still valuable, why it’s not enough against AITM, and exactly how to adopt phishing‑resistant authentication to close that gap.

    39 min

  6. SEASON 1 TRAILER

    3AM Ringtone of Doom? Build Your 6-Module Incident Response Plan

    What You'll Learn Three in the morning. Your phone's ringing. Someone's encrypted your customer database. What do you do? This trailer launches our most ambitious series yet: a six-module programme running January through March 2026 that transforms panic into a complete, tested incident response plan. Each module drops every two weeks, giving you time to implement before the next one arrives. Between modules, normal episodes continue covering current threats, breaches, and patches. This Series Will Give You: Complete incident response framework for small businesses Communication templates you can use during an actual incident Threat-specific playbooks for ransomware, data breaches, and system compromises Testing procedures that prove your plan works under pressure Implementation time built into the schedule Practical guidance for teams with real constraints What This Series Covers Module 1: Incident Response Foundations (Early January 2026) What You'll Build: Clear decision tree for incident classification Role definitions (even if your team is three people) Initial response procedures Documentation requirements Escalation pathways Practical Outputs: Who does what, when, and how Your first response checklist Contact list template Module 2: Building Your Response Team (Late January 2026) What You'll Build: Response team structure for small businesses Role assignments that work with limited staff External contact management Vendor coordination procedures Backup personnel plans Practical Outputs: Team roster with responsibilities External contacts database Succession planning for key roles Module 3: Communication Plans (Early February 2026) What You'll Build: Internal notification procedures Customer communication templates Regulatory reporting guidance Media handling basics Stakeholder management Practical Outputs: Communication templates ready to use Notification timelines Contact escalation matrix Module 4: Threat-Specific Playbooks (Late February 2026) What You'll Build: Ransomware response procedures Data breach protocols System compromise workflows Phishing incident handling Insider threat procedures Practical Outputs: Step-by-step playbooks for each threat type Decision trees for common scenarios Evidence preservation guides Module 5: Testing Your Plan (Early March 2026) What You'll Build: Tabletop exercise framework Simulation scenarios Assessment criteria Continuous improvement process Lessons learned documentation Practical Outputs: Test schedule Simulation scripts Improvement tracking system Module 6: Complete System Integration (Late March 2026) What You'll Build: Your complete, customised IR plan Integration with existing processes Maintenance schedule Annual review procedures Staff training programme Practical Outputs: Final incident response plan document Ongoing maintenance checklist Training materials for your team Between Modules: Normal Episodes Continue Every other week between module releases, you'll get: Latest Breach Analysis: What happened, how it happened, what you can learn Critical Security Patches: What you need to apply and why (see our December 2025 Patch Tuesday analysis) Emerging Threat Intelligence: Current attacks targeting UK small businesses Practical Implementation Guides: Hands-on advice for immediate action Because security doesn't pause whilst you're building your plan. The Two-Week Implementation Rhythm Week 1: Module episode drops Week 2: Implementation time + normal episode Week 3: Next module episode drops Week 4: Implementation time + normal episode This cadence gives you: Time to actually implement each module Space to ask questions and refine Current threat intelligence throughout Sustainable pace for resource-constrained teams Why This Series Matters The UK Small Business Reality Current State: 43% of UK small businesses experienced cyber breaches last year (DSIT 2025) Average breach cost: £250,000 Some breaches exceed £7 million 60% of small businesses close within six months of a major cyber incident NCSC estimates 50% of UK SMBs will experience a breach annually The Gap: 73% have no board-level cybersecurity responsibility (see Episode 31: The Risk Register Argument) Most have no documented incident response plan Existing plans are often enterprise frameworks that don't work for SMBs When incidents occur, response is reactive panic rather than systematic procedure The Opportunity: Having a tested incident response plan can reduce breach impact by up to 70% Cut recovery time significantly Minimise business disruption Demonstrate due diligence for cyber insurance Meet regulatory requirements Protect customer trust This Isn't Enterprise Security Theatre Traditional incident response planning assumes you have: Dedicated security team 24/7 SOC coverage Unlimited budget Complex organisational structure Enterprise-grade tools This series assumes you have: Limited staff wearing multiple hats Constrained budget Time pressure Real business to run Practical need for procedures that actually work Every recommendation is: Tested in actual small business environments Budget-conscious Time-realistic Scalable as you grow Focused on high-impact, low-cost implementations Who Should Listen to This Series This series is particularly relevant for: UK small business owners (5-50 employees) who need incident response capability Startup founders building security from the ground up SME managers responsible for cybersecurity without security backgrounds Solo IT staff who handle everything Business owners who've invested in prevention but lack response capability Anyone who thinks "we're too small to need an incident response plan" Directors concerned about personal liability under the Companies Act Businesses pursuing Cyber Essentials or cyber insurance Professional services firms handling sensitive client data You'll especially benefit if: You've asked "what happens if we get breached?" and had no good answer Your current plan is "call the IT guy and hope" You've got prevention sorted but no response capability You need to demonstrate due diligence for insurance or compliance You're responsible for security but lack formal training Your team is small and you can't afford enterprise solutions What Makes This Series Different Practical Implementation Focus Not theoretical frameworks or consultant waffle. Every module produces concrete, usable outputs you can implement on a Tuesday afternoon between customer calls. Small Business Specific Built for teams of 3-50 people, not Fortune 500 enterprises. Acknowledges real constraints around time, money, and expertise. Tested in Real Environments Every procedure comes from actual small business implementations. No academic theory or enterprise assumptions. Sustainable Pace Two-week rhythm gives you time to implement, refine, and ask questions before the next module arrives. Continuous Relevance Normal episodes between modules keep you current on threats, breaches, and patches whilst you're building your plan. Complete System Six modules build into one cohesive incident response capability, not disconnected tips. Content Calendar January 2026: Week 1: Module 1 - Incident Response Foundations Week 2: Normal Episode (current threats) Week 3: Module 2 - Building Your Response Team Week 4: Normal Episode (current threats) February 2026: Week 1: Module 3 - Communication Plans Week 2: Normal Episode (current threats) Week 3: Module 4 - Threat-Specific Playbooks Week 4: Normal Episode (current threats) March 2026: Week 1: Module 5 - Testing Your Plan Week 2: Normal Episode (current threats) Week 3: Module 6 - Complete System Integration Week 4: Normal Episode (current threats) Subscribe Now Don't miss any module in this series. Subscribe on your preferred platform: Apple Podcasts: Currently ranked #13 in Management category worldwide Spotify: New episodes every week All Major Podcast Platforms: Search for "The Small Business Cyber Security Guy" RSS Feed: Direct feed link Connect With Us Need Help? If you need direct assistance with incident response planning or any cybersecurity topic we cover: Email: hello@thesmallbusinesscybersecurityguy.co.uk Website: thesmallbusinesscybersecurityguy.co.uk Resources & Guides Visit our website for: Detailed implementation guides Template downloads Step-by-step walkthroughs All episode show notes and transcripts Blog articles expanding on episode topics Newsletter "No BS Cyber for SMBs" on LinkedIn - practical cybersecurity advice delivered weekly by Noel Bradford Share This Series Know someone who needs this? Share with: Business owners without incident response plans IT managers dealing with limited resources Directors concerned about cyber liability Anyone responsible for small business security About the Hosts Noel Bradford With over 40 years in IT and cybersecurity across enterprises including Intel, Disney, and BBC, Noel now serves as CIO/Head of Technology for a boutique security-first MSP. He brings enterprise-level expertise to small business constraints, translating million-pound solutions into hundred-pound budgets. His mission is making cybersecurity practical and achievable for resource-constrained small businesses. Mauven MacLeod Former UK Government cyber analyst, Mauven brings systematic threat analysis and government-level security thinking to commercial reality. With her Glasgow roots and ex-government background, she translates complex security concepts into practical advice for small businesses, asking the questions business owners actually need answered. Related Episodes & Blog Posts Preparation for This Series: Episode 17: Social Engineering - The Human Firewall Under Siege Episode 30: The Printer Is Watching - IoT Security Episode 29: Reverse Benchmarking - Learning from Disasters Episode 31: Boards, Breaches and Accountability - Risk Registers Related Blog Posts: Reve

    2 min

  7. 12/22/2025

    Facepalm Retrospective: 2025’s Greatest Cyber Fails — From 123456 to the Louvre

    Welcome to the Small Business Cybersecurity Guy Christmas Special with host Noel Bradford and guests Mauven MacLeod and Graham Falkner. This episode is a rapid-fire, often hilarious and sometimes horrifying roundup of the most spectacular cyber security disasters of 2025, told with a no-nonsense focus on what small businesses should learn from them. We open with the MacHire fiasco: security researchers discovered an admin account on McDonald’s AI hiring chatbot (Paradox.ai/Olivia) protected by the password "123456," exposing up to 64 million applicant records. The researchers reported the flaw; no known mass theft occurred, but the episode underlines vendor risk and the dangers of legacy test accounts and absent MFA. Next, we cover the Louvre post-heist revelations: a €88m jewel theft followed by reports showing decades-old surveillance systems running Windows 2000/XP, passwords like "Louvre" and systemic neglect. The story is used to illustrate how even world-famous institutions fail at basic cyber hygiene. We recap the PowerSchool catastrophe, where a 19-year-old college student used compromised credentials to access a support portal and exposed data on some 62 million students and millions of staff. The attack led to ransom demands, payments, further extortion attempts, criminal charges, and a clear lesson — no MFA, huge consequences. The UK was a hotspot in 2025: Jaguar Land Rover, Marks & Spencer, Co-op, Harrods and others suffered disruptive breaches often rooted in third-party/supply-chain compromises. We also discuss the Foreign, Commonwealth & Development Office breach (detected in October, disclosed in December), suspected China-linked activity, and the difficulties of attribution. In a rapid-fire segment we cover smaller-but-still-impactful stories: a ransomware gang that abandoned an extortion against nurseries after public outrage; attacks on Asahi, DoorDash and Harvard; widespread exploitation of unpatched SharePoint vulnerabilities; and how simple phishing and credential theft continue to be the root cause of major incidents. Key takeaways for small businesses are emphasized throughout: enable multi-factor authentication, use strong unique passwords and password managers, patch promptly, run vendor due diligence and risk registers, train staff on phishing/social engineering, maintain incident response plans, and treat supply-chain security as part of your attack surface. The hosts argue the fundamentals work — do the boring basics correctly. The episode closes with practical advice, links to the revamped blog and Noel’s "No BS Cyber for SMBs" newsletter on LinkedIn, and a festive-but-sober call to change weak passwords (definitely not to "123456") and enable MFA before the new year.   #Cybersecurity #Ransomware #DataBreaches #PasswordSecurity #SupplyChainSecurity #SmallBusiness #UKCyber #InfoSec #Christmas2025 #PowerSchool #McDonalds #JaguarLandRover #ForeignOffice

    22 min

  8. 12/15/2025

    Boards, Breaches and Accountability: Why Small Firms Need Risk Registers Now

    Do UK small businesses need cyber risk registers? Graham said no. After this 40-minute debate with Noel Bradford, he changed his mind completely. This Small Business Cyber Security Guy podcast episode tackles cyber risk management for UK SMEs through a heated debate about whether small business boards need formal cyber risk registers. UK cyber security statistics that changed Graham's mind: 43% of UK small businesses experienced cyber breaches last year (DSIT 2025) 73% have no board-level cyber security responsibility 28% of SMEs say one cyber attack could close them permanently (Vodafone 2025) Average UK small business breach costs £3,398 Real-world cyber risk register failures: UK manufacturing company with "satisfactory" security controls destroyed by ransomware. Had antivirus, firewalls, backups. No documented cyber risk assessment. No board-level governance. Business nearly closed. Companies Act director duties most UK boards ignore: Section 174 requires directors exercise "reasonable care, skill and diligence" in managing company risks. With 43% breach rates, cyber risk is material. Failure to document cyber risk management exposes directors to personal liability. Practical cyber risk register implementation: ✓ Minimum viable cyber risk register template (8 columns, single spreadsheet) ✓ Board-level cyber security governance framework ✓ Quick remediation: enable MFA, test backup restoration, implement payment verification ✓ NCSC Board Toolkit guidance for UK SMEs ✓ Cyber insurance risk assessment requirements Perfect for UK small business owners, SME directors, startup founders, business managers responsible for cyber security compliance, GDPR, and corporate governance. Listen to this cyber security governance debate and learn why risk registers aren't bureaucracy - they're legal protection for directors and businesses.

    46 min
See All (58)

Trailers

About

The UK's leading small business cybersecurity podcast, helping SMEs protect against cyber threats without breaking the bank. Join cybersecurity veterans Noel Bradford (CIO at Boutique Security First MSP) and Mauven MacLeod (ex-UK Government Cyber Analyst) as they translate enterprise-level security expertise into practical, affordable solutions for UK small businesses. 🎯 WHAT YOU'LL LEARN: Cyber Essentials certification guidance Protecting against ransomware & phishing attacks GDPR compliance for small businesses Supply chain & third-party security risks Cloud security & remote work protection Budget-friendly cybersecurity tools & strategies 🏆 PERFECT FOR: UK small business owners (5-50 employees) Startup founders & entrepreneurs SME managers responsible for IT security Professional services firms Anyone wanting practical cyber protection advice Every episode delivers actionable cybersecurity advice that you can implement immediately, featuring real UK case studies

Information

You Might Also Like