The Small

Business

Cyber Security Guy

⭐100K+ Monthly Downloads

⭐Top 20 Apple Management

⭐100K+ Monthly Downloads ⭐Top 20 Apple Management

Welcome to the blog and podcast, where we share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.

Everything here is personal. These are my and the team’s thoughts, opinions forged in the heat of battle! And not those of our employers, clients, or any other professional with whom we are associated.

If you’re offended, take it up with us, not them.

What you’ll get here (and on the podcast):

  • Straight-talking advice for small businesses that want to stay secure

  • Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense

  • The occasional rant — and yes, the occasional expletive

  • War stories from the frontlines (names changed to protect the spectacularly guilty)

I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.

This blog and the podcast are where we break it all down.

Grab a coffee and pull up a chair, you need to see this!

Latest Articles
UK SMBs Left in the Crosshairs
UK SMBs Left in the Crosshairs
Directors Should Face Criminal Liability for Cyber Security Negligence. Here's Why.
Directors Should Face Criminal Liability for Cyber Security Negligence. Here's Why.
Risk Management, Technology Risk Noel Bradford Risk Management, Technology Risk Noel Bradford

How to Build a Cyber Risk Register That Actually Works: The Technical Reality Behind Board Governance

Most cyber risk registers are useless compliance documents.

They contain vague descriptions, unverifiable controls, and no honest assessment of likelihood or impact.

A working risk register has exactly seven columns: specific risk scenarios, likelihood based on real UK statistics, quantified impacts including business closure potential, verifiable current controls, residual risk ratings, costed additional controls, and named board-level owners.

Every UK SME must address five mandatory risks: phishing (85% of breaches), ransomware, supply chain compromise, insider threats, and cloud misconfiguration.

Ten critical technical controls cover 90% of actual threats. Implementation costs £150-300 per user annually. One prevented £3,398 breach pays for years of protection.

Read More
Technology Risk Mauven MacLeod Technology Risk Mauven MacLeod

Why Smart People Keep Ignoring Smart Device Security: The Psychology Behind IoT Blindness

After this week's podcast revelation about the marketing agency losing client files through an unsecured printer, my inbox has been full of variations on the same question: how do intelligent business owners with otherwise solid security miss something this obvious?

The answer isn't comfortable, but it's important: IoT security failures aren't about lack of intelligence. They're about systematic psychological blind spots that affect everyone from small business owners to government departments.

Former UK Government analyst reveals the cognitive biases costing UK businesses millions and, more importantly, how to overcome them before your next security decision. Understanding the psychology prevents the breach.

Read More
Technology Risk, Business Security Graham Falkner Technology Risk, Business Security Graham Falkner

Opinion: UK SMBs Are Funding AI's Energy Crisis and Nobody Asked Permission

Here's a question for your weekend: Did anyone ask if UK small businesses wanted to fund Microsoft's nuclear reactor restart?

Because that's what's happening. While Microsoft spends $1.6 billion restarting Three Mile Island, Google partners with Kairos Power for small modular reactors, and Amazon secures nuclear capacity across multiple projects, your cloud bills are climbing to pay for it.

Nobody took a vote. Nobody asked permission. Tech giants made a collective decision that AI is worth unlimited energy consumption, and UK SMBs are involuntary investors in that bet. Let's talk about that.

Read More

⚠️ Full Disclaimer

This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:

  • My employer

  • Any current or past clients, suppliers, or partners

  • Any other organisation I’m affiliated with in any capacity

Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.

Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.

In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.