No vendor pitches. No theoretical nonsense. Just the brutal truth about what's targeting your business and how to stop it.
Imagine watching the house next door burn and nodding sympathetically about smoke alarms — then never changing the battery in your own. That image opens our episode as Noel Bradford sits with Mauven MacLeod, Lucy Harper and Graham Falkner to unpack the UK Cybersecurity Breaches Survey 2025–26. This …
When a government minister stood on a podium in Glasgow and said, “the cyber front line is already here,” it did not sound like a warning. It sounded like a cold, unavoidable truth. In this episode, Noel Bradford is joined by Maurven and Graham, who attended Cyber UK 2026, to unpack what was said, w…
Every office has that moment: the site won’t load, someone whispers “DNS,” and immediately half the room turns into a jury with opinions but no evidence. In this episode of Small Business Cybersecurity Guy, Noel Bradford, Mauven MacLeod, Lucy Harper and Graham Falkner turn that reflexive blame into …
167 vulnerabilities. Two zero-days. One already used in live attacks. Graham Falkner breaks down April's Patch Tuesday and what your business needs to do today — in under 10 minutes. For full show notes etc: see https://thesmallbusinesscybersecurityguy.co.uk/blog/patch-tuesday-april-2026-sharepoint-…
They said they were secure because they’d turned on Microsoft 365 and MFA. That should have been the end of the conversation — except it wasn’t. In this episode we follow a small-business sagawhere confidence meets complacency: a tidy subscription, a proud admin ticked off in the dashboard, and then…
What if you did everything right — paid the premiums, bought the policy — and on breach day they simply said, "nope"? This episode opens with that cold shock: a tiny answer on a form you filled 18 months ago about MFA, a quiet clause about state-backed operations, and suddenly a million-pound disast…
Imagine opening the office fridge and finding a cloudy, unlabeled bottle of milk. You wouldn’t drink it — so why are businesses still running tills, routers and servers on ancient, unsupported software? In this episode Graham, Noel, Lucy and Mauven turn the mic onto the maddening normality of ‘myste…
Tonight’s episode opens in an empty studio, a fridge with two bottles of Prosecco and a conspicuously absent Noel — the perfect stage for a conversation that is equal parts wry and urgent. Three hosts trade jokes and a refill, but the real story soon emerges: many cyber disasters don’t begin with ci…
Do small businesses really need another cyber security badge? In this episode, Noel Bradford, Mauven MacLeod and Graham Falkner dig into SMB 1001, a five tier cyber security standard aimed at small and medium sized businesses. They break down what the bronze, silver, gold, platinum and diamond level…
Listen in as the Small Business Cybersecurity Guy rips through March 2026 Patch Tuesday like a mechanic with a torque wrench: blunt, precise, and impossible to ignore. This episode opens on a single, brutal premise — Windows updates are not a choose‑your‑own‑adventure. They are binary. You either de…
Imagine your website is a billboard: a shining Cyber Essentials badge promising security and trust. Now imagine a regulator, insurer or large customer asks one awkward question — and that glossy logo turns from an asset into potential evidence against you. In this episode we walk into that exact mom…
Imagine an attacker not as a hoodie-wearing wizard wrestling with your firewall, but as someone quietly slipping through an unlocked back door with keys they bought on the dark web. In this episode we sit down with Corrine Jefferson, a former government cyber professional who now helps UK small busi…
Picture yourself tapping your card at a bustling store, the till chirps, you walk away thinking that’s the end of the story. For millions of Currys' customers, that ordinary moment in 2017 was the opening scene of a nearly decade-long drama that would ripple through courtrooms, regulator offices and…
Picture this: you’re a minister in Europe and Washington quietly asks for a peek. Your emails, drafts and cabinet notes aren’t in a secret vault — they live on someone else’s servers. This episode opens on that impossible, very real moment and follows the ripple effects: threats of sanctions, a neut…
In this episode of Small Business Cybersecurity Guy, host Maurven McLeod and guest Dr Corinne Jefferson (former US government intelligence analyst turned London-based consultant) unpack Google Threat Intelligence’s alarming report on the Defence Industrial Base (DIB) and explain exactly why it matte…
Host Graham Falkner breaks down Microsoft’s February 2026 Patch Tuesday: more than 50 vulnerabilities across Windows and Microsoft 365, including six that were actively exploited before patches arrived. This episode explains which flaws matter, who’s affected, and the practical steps businesses shou…
In this urgent episode of Small Business Cybersecurity Guy, hosts Mauven MacLeod and Graham Falkner join the notably fed-up Noel Bradford to unpack four simultaneous, high‑impact campaigns that emerged between late January and early February 2026. We walk listeners through detailed research from Tre…
In this urgent episode of The Small Business Cybersecurity Guide, hosts Noel Bradford, Mauven McLeod and Graham Faulkner bring together three experts to answer one question: why you’re doing security wrong and what practical steps will actually protect your business. We cover four pressing, unconnec…
In this episode of Small Business Cybersecurity Guy, hosts Mauven MacLeod, Noel Bradford and Graham Falkner walk you through Module One of their six-part incident response plan series: building your response team. Through the real-world Katie Roberts case study (name changed), they show why independ…
Hosted by Graham Falkner, this episode is a rapid, no‑nonsense January Patch Tuesday breakdown aimed at small businesses and IT owners. Graham walks listeners through Microsoft’s unusually large release of 114 security updates, explains the essential jargon (CVE and CVSS), and highlights why severit…
In this episode of the Small Business Cybersecurity Guy, host Noel Bradford is joined by Mauven McLeod and Graham Falkner to unpack the Cabinet Office’s January 2026 Government Cyber Action Plan — a blunt, 100‑page admission that the UK government’s cybersecurity posture is “critically high” risk an…
In this episode Mauven McLeod and Graham Faulkner (with Noel Bradford joining partway through) unpack a worrying trend: adversary‑in‑the‑middle (AITM) attacks that steal session tokens and completely bypass conventional multi‑factor authentication (MFA). Using Microsoft’s recent telemetry (a 146% ju…
What You'll Learn Three in the morning. Your phone's ringing. Someone's encrypted your customer database. What do you do? This trailer launches our most ambitious series yet: a six-module programme running January through March 2026 that transforms panic into a complete, tested incident response pla…
Welcome to the Small Business Cybersecurity Guy Christmas Special with host Noel Bradford and guests Mauven MacLeod and Graham Falkner. This episode is a rapid-fire, often hilarious and sometimes horrifying roundup of the most spectacular cyber security disasters of 2025, told with a no-nonsense foc…
Do UK small businesses need cyber risk registers? Graham said no. After this 40-minute debate with Noel Bradford, he changed his mind completely. This Small Business Cyber Security Guy podcast episode tackles cyber risk management for UK SMEs through a heated debate about whether small business boar…
Show notes December 2025 just shipped the last Microsoft security fixes of the year. Fifty seven vulnerabilities, three zero days, and one actively exploited Windows privilege escalation that hits almost every supported build. Are you patched before the Christmas break, or are you leaving a present …
For our 30th episode, we're tackling the cybersecurity blind spot that almost no one discusses but everyone should worry about. You've secured your laptops. You've rolled out multi-factor authentication. Your firewall is properly configured. But what about that office printer quietly storing every c…
What if the best way to protect your business isn't copying what the successful companies do, but avoiding what the failures did wrong? Welcome to reverse benchmarking, the cybersecurity equivalent of learning from other people's face-plants so you don't repeat them. In this episode, Noel and Mauven…
In this provocative second instalment of the accountability series, hosts Noel Bradford and Mauven MacLeod lay out a detailed proposal for a UK cybersecurity enforcement regime that balances protection for small businesses with personal liability for negligent directors. They compare the current wea…
What happens when business negligence causes serious harm to thousands of people? If a faulty ladder injures someone, directors face prison time. If forty million people have their data stolen due to poor security, they receive a strongly worded letter. In this provocative first episode of our two-p…
Graham Falkner delivers an authoritative deep dive into November 2025's Patch Tuesday updates, covering the most critical security vulnerabilities affecting businesses of all sizes. This month brings a perfect storm of actively exploited zero-days, critical Exchange Server flaws, and hundreds of pat…
The Spy Who Monitored Me - Ofcom's VPN Surveillance Farce Episode Information Episode Title: The Spy Who Monitored Me: Ofcom's VPN Surveillance Farce Episode Number: Hot Take Release Date: 11 November 2025 Duration: Approximately 18 minute Hosts: Mauven MacLeod & Graham Falkner Format: Research …
In this episode of the Small Business Cybersecurity Guide, hosts Noel Bradford and Mauven McLeod are joined by Mark Bell from Authentrend (episode sponsor) to explain why the mobile phone, long promoted as a convenient authentication tool, can be one of the weakest links in your business security. U…
On October 19th, 2025, four men dressed as construction workers stole €102 million in French crown jewels from the Louvre Museum in just seven minutes. The heist was poorly executed—thieves dropped items and failed to target the most valuable pieces—yet they succeeded spectacularly. Why? Because the…
In this episode Graham and Mauven break down a major overhaul to Cyber Essentials coming into force from April 2026. The hosts explain the headline change — mandatory multi-factor authentication (MFA) for every cloud service with no loopholes — and how the scheme has tightened scoping so any interne…
What if I told you there’s a laboratory in Switzerland where scientists are building computers from living human neurons? Sounds like science fiction, right? But it’s happening right now, and the energy crisis driving this research is about to affect every small business owner’s cloud computing bill…
This Halloween special of the Small Business Cyber Security Guy peels back the curtain on the scariest place hackers hide: the tools and toolchains you trust. Hosts Graeme Falkner, Noel Bradford and Mauven MacLeod go ghost hunting inside compilers, build systems and update pipelines to show how supp…
The £18,000 Saving That Cost £200,000 in Revenue Ever cut a cost that seemed obviously wasteful, only to discover you'd destroyed something far more valuable? Welcome to the Doorman Fallacy —it's probably happening in your business right now. In this episode, Noel Bradford introduces a concept from …
Hosts Mauven MacLeod and Graham Falkner deliver a fiery rant about the recent AWS US East 1 DNS outage and what it reveals about our dependence on cloud services. In this episode, they unpack the outage's real-world impact — from Snapchat and Venmo outages to Philips Hue bulbs and automated litter b…
Vendors love throwing around "InfoSec," "CyberSec," and "IT Security" like they're selling completely different solutions. Half the time it's the same thing with three different price tags. The other half? You're buying protection that doesn't address your actual risks. With 50% of UK small business…
Noel and Mauven unpack Discord’s third-party breach that exposed government-ID checks from age-appeal cases, then weigh it against Westminster’s push for a nationwide digital ID. It’s a frank look at how outsourcing, age-verification mandates and data-hungry processes collide with real-world securit…
Microsoft has released the October 2025 Patch Tuesday update, and the numbers tell a serious story: 172 security flaws patched, six of them zero-day exploits already in the wild. For UK small businesses, this is more than routine maintenance; these updates protect against vulnerabilities that attack…
Ministers have sent an urgent letter to UK business leaders after the NCSC handled 204 nationally significant cyber incidents in the past year, with 18 "highly significant" incidents – a 50% increase for the third consecutive year. Join Mauven MacLeod and Graham Falkner as they unpack the government…
We were wrapping up our interview with Tammy Buchanan about the Kido nursery breach when she said: "Actually, there were some really important points I forgot to make." So we grabbed another cup of tea, broke out the custard creams, and kept recording. Then, during the tea break, Graham discovered s…
Episode Description Following the Kido nursery breach where 8,000 children's photos were stolen and posted online, we sit down with education sector expert Tammy Buchanan. With 15 years working in UK schools and now consulting on data protection compliance, Tammy reveals the shocking reality of cybe…
Host Graham Faulkner dives into Windows 11 25H2 in this solo episode, explaining why this understated update matters for security, stability, and small-business productivity. He breaks down how 25H2 arrives as an Enablement Package (EKB), what that means if you’re already on 24H2, and why the stream…
In 40 years of Information Technology work, Noel Bradford has never been this angry. On September 25th, 2025, the Radiant ransomware gang stole personal data from 8,000 children at Kido International nurseries, posted their photos and medical records online, and then started calling parents at home …
Join hosts Noel Bradford and Mauven McLeod in this Back-to-School special of the Small Business Cybersecurity Guy podcast as they trace a line from 1980s schoolroom mischief to modern, large-scale breaches that put millions of students and small organisations at risk. Through recollections of early …
Co-op's CEO has just confirmed that their cybersecurity disaster cost £80 million. The attackers? Teenagers are using basic social engineering. In this Hot Takes episode, we break down how "We've contained the incident" turned into an £80 million earnings wipeout, and why the final bill could reach …
Date: 23 September 2025 — Host Mauven McLeod delivers a furious, fast-paced analysis of two seismic cyber incidents and what they mean for UK and global businesses. This episode examines the Jaguar Land Rover and Collins Aerospace ransomware attacks, the human-driven methods that enabled them, and w…
This episode explores the risks of relying on a single IT manager as an entire IT department. Hosts Noel Bradford and Mauven MacLeod unpack why paying one person a modest salary is not the same as buying a full team of specialists, and they share vivid real-world horror stories — from a sudden resig…
Most small business owners think CIO stands for "Chief I-Fix-Everything Officer" and CISO means "Chief I-Worry-About-Security Officer." In this episode, Noel Bradford (actual CIO/CISO) breaks down what these executive roles actually do and why your business desperately needs this strategic thinking …
September 2025 Patch Tuesday: Critical Business Update Special Edition with Graham Falkner Microsoft's September Patch Tuesday brings 81 security fixes, including 9 critical vulnerabilities already being exploited by attackers. This episode provides essential business guidance for small business own…
Episode Summary The Electoral Commission suffered a 14-month data breach affecting 40 million UK voters, yet faced zero ICO enforcement action. Meanwhile, small businesses receive crushing GDPR fines for minor infractions. This explosive episode exposes dangerous double standards leaving SMBs vulner…
🚨 SHOCKING: 60% of Small Businesses Shut Down Forever After Cyberattacks 96% of hackers target YOUR business, not big corporations. Think you're too small to be a target? Think again. Noel and Mauven reveal the brutal truth about cybersecurity that could save your business - or expose why you're al…
K&P Logistics — 158 years in business — wiped out in 48 hours by ransomware. Noel Bradford and Maurven MacLeod unpack that real-world catastrophe to show small businesses how the same fate can be avoided. If you run a local shop, agency or family firm and think cybersecurity is either incomprehe…
💀 Welcome to the UK's Cyber Graveyard 💀 Over 2,000 jobs GONE. Centuries of business history DELETED. All because of weak passwords and basic security failures that could have been prevented for FREE. 🚨 THE VICTIMS: KNP Logistics: 158 years old, £94.5M revenue → 730 redundancies Travelex: Global c…
After 17 episodes covering everything from basic password security to nation-state threats targeting corner shops, Noel and Mauven reveal what actually works, what consistently fails, and why most businesses are fighting 2019 threats with 2015 thinking while facing 2025 attack methods. 🎯 Shocking R…
🎧 Latest Episode Alert | Fresh intelligence from DefCon 33 reveals how AI-enhanced cyber threats to small business are accelerating rapidly. Techniques demonstrated in Las Vegas are targeting UK businesses within weeks. 🚨 Critical Cyber Threats to Small Business AI-Powered Social Engineering 85% s…
🚨 Episode 11: When Your Safety Net Becomes the Target Backup Security Under Fire + Business Email Compromise Reality Check Your backups aren't protecting you anymore—they're the primary target. In this explosive double-header episode, we expose why 94% of ransomware attacks now target backup system…
In the final part of our White House CIO Insights series, we explore the cutting-edge AI-powered threats that are transforming cybersecurity. Our special guest Sarah Chen, who heads up AI threat research at a leading UK cybersecurity firm, reveals how artificial intelligence is being weaponized by c…
UK Ransomware Ban: Why Your SMB Just Became a Bigger Target Show: The Small Business Cyber Security Guy Hot Take Hosts: Graham Falkner & Noel Bradford Episode Length: 7:30 Category: Business, Technology Episode Description The UK Government just dropped the most aggressive ransomware policy in t…
Episode Description Join Noel Bradford and Graham Falkner for another cybersecurity hot take as they dive into the alarming world of help desk social engineering attacks. This episode exposes how the notorious Scattered Spider group has weaponized basic human helpfulness to devastating effect, turni…
1984 is here! Just 41 years late - Big Brother is watching and censorship is increasing. The UK's Online Safety Act went live July 25th, 2025. VPN usage exploded 1,400% overnight. Teenagers are using PlayStation screenshots to bypass age verification. Join Noel Bradford and Mauven MacLeod for an eme…
Part 2 of White House CIO Insights Series | ~38 minutes How do you implement White House-level security without White House-level budgets? Building on insights from former White House CIO Theresa Payton's interview with Scammer Payback, Noel and Mauven explore the UK's Cyber Essentials framework - t…
What's scarier - protecting the President or a small business in Manchester? Former White House CIO Theresa Payton says they face exactly the same sophisticated threats now. Runtime: 36 minutes | Series: Part 1 of 3 | Hosts: Noel Bradford & Mauven MacLeodKey Topics Covered Nation-state targeting…
Show Notes Duration: 25:16 Hosts: Mauven MacLeod & Noel Bradford Technical debt isn't just old computers - it's a ticking time bomb in every UK business. When Noel discovers his local Oxford Council data was sitting in legacy systems for 21 years, things get personal. From NHS cyber deaths to £1…
Show Guide: When Basics Break - Special Bonus Episode Duration: 9 minutes | Type: Special Episode Episode Summary McDonald's password "123456" exposed 64 million job applications. M&S lost £300M to a phone call. Our full team dissects how basic security failures are destroying major brands and w…
Shadow IT: The Unauthorised Technology Inside Your Business 42% of business applications are unauthorised Shadow IT. Your employees have built hackers a data highway while trying to be helpful. What You'll Learn Detection Methods: DNS monitoring, MDM, endpoint audits, ThreatLocker solutions GDPR N…
What if hackers are already inside your business... and you invited them in? 63% of data breaches involve third-party vendors. Your payment processor, cloud storage, email provider - any could be the backdoor that destroys your business overnight. WHAT YOU'LL LEARN: Why small businesses are sitting …
Five days ago, it was Israel versus Iran. Over the weekend, American B-2 bombers dropped 14 bunker-busters on Iranian nuclear facilities. Today, your small business became a target in a war you're not even fighting. If you run a UK business using American tech services, and almost certainly yours do…
Noel and Morven explain why passwords are failing us, how bad habits put us at risk, and what small businesses can do about it today. From password overload to the rise of passkeys, this episode is your practical guide to ditching old security mistakes for good.…
This episode unpacks the global impact of Patch Tuesday, its evolution, and the chaos it tamed in cybersecurity. Noel and Mauven explore why patch management matters now more than ever and how attackers are always just one step behind—or sometimes ahead. Real stories and practical insights make sens…
This episode exposes why cyber certifications like ISO27001 and SOC 2 don’t guarantee real security. We break down the difference between frameworks and show how neglecting basic controls leaves even big brands open to attack.…
Iranian cyber attackers aren’t just hacking—they’re outsmarting and outmaneuvering defenses through psychological cunning. Noel and Morven break down the real methods behind the headlines, exposing how these groups trick even the savviest users and why old-school security training just isn’t enough …
Most cybersecurity advice is written by people who've never actually stopped a real attack. We're different. We've been on the frontlines of the world's biggest cyber incidents, and we know what actually works when criminals come calling.
No vendor pitches. No theoretical nonsense. Just the brutal truth about what's targeting your business and how to stop it.
Four decades of enterprise experience, from managing security operations at Disney, BBC, and Intel to serving as CIO/CISO of a cryptocurrency exchange. Known for his uncompromising stance on cybersecurity fundamentals and zero tolerance for vendor snake oil.
Former Government Cyber analyst with deep expertise in the UK threat landscape. Provides an insider perspective on government security initiatives, regulatory compliance realities, and the gap between policy and practice.
New episodes drop every Monday at noon.