In one of 2025’s most disgraceful breaches, Lawcover — the indemnity insurer for thousands of lawyers — exposed the personal and financial data of judges and solicitors through an unencrypted SharePoint backup. It’s not a sophisticated hack; it’s old-school negligence. Five-year-old legal records, sensitive case data, and passport numbers were all left to rot in the cloud. The incident highlights just how dangerously out of touch the legal sector is when it comes to basic cyber hygiene. In this
Your IT provider just became your biggest security threat. The DragonForce ransomware gang didn't break down your front door – they got handed the keys by exploiting the very tools meant to protect you. While you've been worrying about suspicious emails, criminals turned SimpleHelp and other RMM software into weapons of mass destruction. One compromised MSP means hundreds of businesses infected in minutes. The attack already happened. The vulnerabilities were known. The warnings were ignored. An
Cybersecurity isn’t IT’s job anymore, it’s yours. Ransomware doesn’t spread because hackers are clever. It spreads because leadership keeps treating security like plumbing: fix it when it breaks. This final part in our trilogy calls out the boardroom silence, the risk registers no one updates, and the plans that never get tested. If your business is still relying on hope, luck, or “that one guy in IT,” you’re not secure you’re surviving on borrowed time. This isn’t fear-mongering. It’s your fina
Cyber insurance isn’t a silver bullet and claim denials are rising fast across the UK. Whether it’s poor security hygiene, policy exclusions, or failure to meet basic requirements, many businesses are learning the hard way that they’re not actually covered when disaster strikes. This guide breaks down why insurers are rejecting claims, what Cyber Essentials (and Plus) have to do with your insurability, and why your MSP might be part of the problem. If you’re relying on a policy you haven’t read,
Every UK business has a fire plan. Most have flood plans. Some even worry about theft. But ask what happens when ransomware encrypts every file and locks you out of your own systems? Silence. No plan. I just crossed my fingers and am praying to the cyber gods. While you’ve invested in fire extinguishers and insurance policies, attackers have invested in your network. Your business isn't ready without a tested, documented, and rehearsed cyber recovery plan. You’re vulnerable. And no, your MSP’s v
Yes, this is real. Yes, it’s still happening. Businesses in 2025 are still exposing Remote Desktop Protocol (RDP) to the open internet like it’s a perfectly normal thing to do. It’s not. It’s deranged. It’s like licking a petrol pump and being surprised you got sick. If you’re still running RDP with no VPN, no access controls, no MFA, and no clue , buckle up. This isn’t just a best practice failure. This is IT malpractice. And if you’re an MSP still recommending it? You should probably stop call
Microsoft Teams is the new darling of UK business. It’s chat, calls, meetings, file sharing and productivity all in one app. Unfortunately, it’s also a goldmine for attackers, and they know it. With the Tycoon 2FA phishing kit now targeting Microsoft 365 users through fake Teams login prompts, criminals are bypassing multifactor authentication in real time. It’s slick. It’s scary. And worst of all, it works. If your business still believes Teams is “safe because it’s Microsoft,” you’re dangerous
It’s 2025, but some UK councils and NHS departments are still sending confidential data via fax machines. That’s right. No encryption, no audit trail, just a shrieking relic from the 1980s spewing out safeguarding case notes or your latest blood test results from the GUM clinic into a shared office tray. With the analogue switch-off looming, this isn’t just old-fashioned, or quaint, it’s reckless. Why the hell are printer manufacturers are still enabling this madness - Looking at you HP, Epson,
Think the hackers are your biggest threat? Think again. That smiling MSP rep who promised “complete protection” might just be the reason your business is on its knees. Ransomware rarely walks in the front door it’s invited through by lazy patching, crap backups, and a culture of "just enough" IT. From misconfigured firewalls to fake dashboards and vendors more interested in sales than security, this is the real story of how ransomware thrives, enabled by the very people paid to stop it. If you t
It’s 2025. You’re in a sterile, brightly lit dental surgery — and there it is. A screen glowing with the unmistakable Windows 7 login. The same OS that went end-of-life in 2020. What the actual hell? That PC isn't just a relic — it’s a walking GDPR violation and a ransomware welcome mat. If your dentist is still running patient records on Windows 7 or even XP, you’re not just risking plaque you’re risking identity theft. Please for the love of all things secure STOP THIS NOW. Before a root canal
A ransomware attack just crippled one of the UK’s key cold chain hauliers, leaving thousands of pounds’ worth of meat to rot before it ever reached supermarket shelves. Peter Green Chilled, who proudly promote their “bespoke IT systems,” couldn’t even keep order processing online. The result? Spoiled stock, supply chain chaos, and radio silence from a company with £25 million in turnover and not a single cybersecurity certification. This isn’t just an embarrassing IT failure. It’s a wake-up call
On 28 April 2025, the UK’s beloved Cyber Essentials scheme quietly lobbed a compliance grenade into your IT department. The Willow question set has arrived, and with it comes a new standard for audits, especially for Cyber Essentials Plus. The big twist? You no longer get to pick the test machines. That’s right , your favourite “show laptop” patched 20 minutes before the audit isn’t going to save you. The auditor picks now ,and gives you just three working days' notice . Smoke, meet exit. This a
Too many UK businesses trust ISO27001 and SOC 2 to keep them safe. They shouldn’t. These frameworks focus on governance, not enforcement. When ransomware hits or supply chains collapse, it’s always the same gaps: patching failures, lack of segmentation, poor endpoint hygiene. Cyber Essentials, especially CE+, isn’t a tick-box. It’s the defensive baseline that would have saved countless organisations from disaster. This article lays out the real problem and preaches the blunt truth: no ISO, no SO
You’d think ISO27001 and SOC 2 certifications mean a business is secure. But if 2023 and 2025 have shown us anything, it’s that those badges don’t stop breaches. From Capita’s data leaks to Harrods’ containment chaos, and Co-op’s app disruption to the MOVEit dominoes, governance frameworks have failed where basic cyber hygiene would have succeeded. Cyber Essentials, often dismissed as small business fluff, turns out to be the missing frontline control in all of these high-profile failures. This
Think Cyber Essentials and ISO27001 are just different flavours of the same thing? Think again. One’s a tactical shield against everyday threats, the other’s a strategic blueprint for governance. Mistake one for the other, and you’ll either overspend or leave the door wide open. This article rips into the dangerous misconception that they’re interchangeable, explores how Cyber Essentials is built for every organisation, from startups to schools, and why it remains your frontline defence while IS
Ransomware isn’t your biggest problem—it’s just the one that finally made you look. Behind every cyberattack sits a decade of crap decisions, from budget-stretched IT to untrained staff, weak passwords, and clueless suppliers. You didn’t get hit because you were unlucky. You got hit because your house was already on fire. This is part one of a blistering three-part series breaking down the disease beneath the ransomware epidemic ripping through the UK’s small business sector. If you think you’re
May’s Patch Tuesday is coming in hot—and if April’s mess left your domain logins broken, WSUS deployments in meltdown, or your Hello PIN sulking in the corner, you’ll want this one. Microsoft is set to mop up its authentication chaos, plug lingering Windows 10 holes, and squash a few zero-days while it’s at it. But that’s not all. Adobe, Intel, and SAP are sneaking in updates too. This month’s patch drop might not be as noisy as April, but it’s arguably more important. Brace yourself for impact
The UK Legal Aid Agency has been hit by a serious cybersecurity incident—and the fallout could be catastrophic. With over 1.5 million legal aid cases a year and £2.3 billion in funding flowing through its systems, sensitive data from criminal, immigration, and abuse cases could now be in the hands of cybercriminals. Was it a supply chain failure? A government screw-up? (Spoiler: probably both.) If you thought justice was blind, wait until you see how blindfolded their cybersecurity really was. H
The EU has finally banned SIM farms — about five years after scammers used them to turn SMS networks into a cybercrime playground. Bravo. This industrial-scale abuse wasn’t exactly a secret, yet regulators somehow needed a multi-year nap before acting. Businesses were battered, individuals scammed, networks flooded and now, just as criminals are moving onto bigger, nastier tricks, the ban lands with all the urgency of a snail on sedatives. It’s the right move, just years too late. If this is wha
