No vendor pitches. No theoretical nonsense. Just the brutal truth about what's targeting your business and how to stop it.
Tonightβs episode opens in an empty studio, a fridge with two bottles of Prosecco and a conspicuously absent Noel β the perfect stage for a conversation that is equal parts wry and urgent. Three hosts trade jokes and a refill, but the real story soon emerges: many cyber disasters donβt begin with ci…
Do small businesses really need another cyber security badge? In this episode, Noel Bradford, Mauven MacLeod and Graham Falkner dig into SMB 1001, a five tier cyber security standard aimed at small and medium sized businesses. They break down what the bronze, silver, gold, platinum and diamond level…
Listen in as the Small Business Cybersecurity Guy rips through March 2026 Patch Tuesday like a mechanic with a torque wrench: blunt, precise, and impossible to ignore. This episode opens on a single, brutal premise β Windows updates are not a chooseβyourβownβadventure. They are binary. You either de…
Imagine your website is a billboard: a shining Cyber Essentials badge promising security and trust. Now imagine a regulator, insurer or large customer asks one awkward question β and that glossy logo turns from an asset into potential evidence against you. In this episode we walk into that exact mom…
Imagine an attacker not as a hoodie-wearing wizard wrestling with your firewall, but as someone quietly slipping through an unlocked back door with keys they bought on the dark web. In this episode we sit down with Corrine Jefferson, a former government cyber professional who now helps UK small busi…
Picture yourself tapping your card at a bustling store, the till chirps, you walk away thinking thatβs the end of the story. For millions of Currys' customers, that ordinary moment in 2017 was the opening scene of a nearly decade-long drama that would ripple through courtrooms, regulator offices and…
Picture this: youβre a minister in Europe and Washington quietly asks for a peek. Your emails, drafts and cabinet notes arenβt in a secret vault β they live on someone elseβs servers. This episode opens on that impossible, very real moment and follows the ripple effects: threats of sanctions, a neut…
In this episode of Small Business Cybersecurity Guy, host Maurven McLeod and guest Dr Corinne Jefferson (former US government intelligence analyst turned London-based consultant) unpack Google Threat Intelligenceβs alarming report on the Defence Industrial Base (DIB) and explain exactly why it matte…
Host Graham Falkner breaks down Microsoftβs February 2026 Patch Tuesday: more than 50 vulnerabilities across Windows and Microsoft 365, including six that were actively exploited before patches arrived. This episode explains which flaws matter, whoβs affected, and the practical steps businesses shou…
In this urgent episode of Small Business Cybersecurity Guy, hosts Mauven MacLeod and Graham Falkner join the notably fed-up Noel Bradford to unpack four simultaneous, highβimpact campaigns that emerged between late January and early February 2026. We walk listeners through detailed research from Tre…
In this urgent episode of The Small Business Cybersecurity Guide, hosts Noel Bradford, Mauven McLeod and Graham Faulkner bring together three experts to answer one question: why youβre doing security wrong and what practical steps will actually protect your business. We cover four pressing, unconnec…
In this episode of Small Business Cybersecurity Guy, hosts Mauven MacLeod, Noel Bradford and Graham Falkner walk you through Module One of their six-part incident response plan series: building your response team. Through the real-world Katie Roberts case study (name changed), they show why independ…
Hosted by Graham Falkner, this episode is a rapid, noβnonsense January Patch Tuesday breakdown aimed at small businesses and IT owners. Graham walks listeners through Microsoftβs unusually large release of 114 security updates, explains the essential jargon (CVE and CVSS), and highlights why severit…
In this episode of the Small Business Cybersecurity Guy, host Noel Bradford is joined by Mauven McLeod and Graham Falkner to unpack the Cabinet Officeβs January 2026 Government Cyber Action Plan β a blunt, 100βpage admission that the UK governmentβs cybersecurity posture is βcritically highβ risk an…
In this episode Mauven McLeod and Graham Faulkner (with Noel Bradford joining partway through) unpack a worrying trend: adversaryβinβtheβmiddle (AITM) attacks that steal session tokens and completely bypass conventional multiβfactor authentication (MFA). Using Microsoftβs recent telemetry (a 146% ju…
What You'll Learn Three in the morning. Your phone's ringing. Someone's encrypted your customer database. What do you do? This trailer launches our most ambitious series yet: a six-module programme running January through March 2026 that transforms panic into a complete, tested incident response pla…
Welcome to the Small Business Cybersecurity Guy Christmas Special with host Noel Bradford and guests Mauven MacLeod and Graham Falkner. This episode is a rapid-fire, often hilarious and sometimes horrifying roundup of the most spectacular cyber security disasters of 2025, told with a no-nonsense foc…
Do UK small businesses need cyber risk registers? Graham said no. After this 40-minute debate with Noel Bradford, he changed his mind completely. This Small Business Cyber Security Guy podcast episode tackles cyber risk management for UK SMEs through a heated debate about whether small business boar…
Show notes December 2025 just shipped the last Microsoft security fixes of the year. Fifty seven vulnerabilities, three zero days, and one actively exploited Windows privilege escalation that hits almost every supported build. Are you patched before the Christmas break, or are you leaving a present …
For our 30th episode, we're tackling the cybersecurity blind spot that almost no one discusses but everyone should worry about. You've secured your laptops. You've rolled out multi-factor authentication. Your firewall is properly configured. But what about that office printer quietly storing every c…
What if the best way to protect your business isn't copying what the successful companies do, but avoiding what the failures did wrong? Welcome to reverse benchmarking, the cybersecurity equivalent of learning from other people's face-plants so you don't repeat them. In this episode, Noel and Mauven…
In this provocative second instalment of the accountability series, hosts Noel Bradford and Mauven MacLeod lay out a detailed proposal for a UK cybersecurity enforcement regime that balances protection for small businesses with personal liability for negligent directors. They compare the current wea…
What happens when business negligence causes serious harm to thousands of people? If a faulty ladder injures someone, directors face prison time. If forty million people have their data stolen due to poor security, they receive a strongly worded letter. In this provocative first episode of our two-p…
Graham Falkner delivers an authoritative deep dive into November 2025's Patch Tuesday updates, covering the most critical security vulnerabilities affecting businesses of all sizes. This month brings a perfect storm of actively exploited zero-days, critical Exchange Server flaws, and hundreds of pat…
The Spy Who Monitored Me - Ofcom's VPN Surveillance Farce Episode Information Episode Title: The Spy Who Monitored Me: Ofcom's VPN Surveillance Farce Episode Number: Hot Take Release Date: 11 November 2025 Duration: Approximately 18 minute Hosts: Mauven MacLeod & Graham Falkner Format: Research …
In this episode of the Small Business Cybersecurity Guide, hosts Noel Bradford and Mauven McLeod are joined by Mark Bell from Authentrend (episode sponsor) to explain why the mobile phone, long promoted as a convenient authentication tool, can be one of the weakest links in your business security. U…
On October 19th, 2025, four men dressed as construction workers stole β¬102 million in French crown jewels from the Louvre Museum in just seven minutes. The heist was poorly executedβthieves dropped items and failed to target the most valuable piecesβyet they succeeded spectacularly. Why? Because the…
In this episode Graham and Mauven break down a major overhaul to Cyber Essentials coming into force from April 2026. The hosts explain the headline change β mandatory multi-factor authentication (MFA) for every cloud service with no loopholes β and how the scheme has tightened scoping so any interne…
What if I told you thereβs a laboratory in Switzerland where scientists are building computers from living human neurons? Sounds like science fiction, right? But itβs happening right now, and the energy crisis driving this research is about to affect every small business ownerβs cloud computing bill…
This Halloween special of the Small Business Cyber Security Guy peels back the curtain on the scariest place hackers hide: the tools and toolchains you trust. Hosts Graeme Falkner, Noel Bradford and Mauven MacLeod go ghost hunting inside compilers, build systems and update pipelines to show how supp…
The Β£18,000 Saving That Cost Β£200,000 in Revenue Ever cut a cost that seemed obviously wasteful, only to discover you'd destroyed something far more valuable? Welcome to the Doorman Fallacy βit's probably happening in your business right now. In this episode, Noel Bradford introduces a concept from …
Hosts Mauven MacLeod and Graham Falkner deliver a fiery rant about the recent AWS US East 1 DNS outage and what it reveals about our dependence on cloud services. In this episode, they unpack the outage's real-world impact β from Snapchat and Venmo outages to Philips Hue bulbs and automated litter b…
Vendors love throwing around "InfoSec," "CyberSec," and "IT Security" like they're selling completely different solutions. Half the time it's the same thing with three different price tags. The other half? You're buying protection that doesn't address your actual risks. With 50% of UK small business…
Noel and Mauven unpack Discordβs third-party breach that exposed government-ID checks from age-appeal cases, then weigh it against Westminsterβs push for a nationwide digital ID. Itβs a frank look at how outsourcing, age-verification mandates and data-hungry processes collide with real-world securit…
Microsoft has released the October 2025 Patch Tuesday update, and the numbers tell a serious story: 172 security flaws patched, six of them zero-day exploits already in the wild. For UK small businesses, this is more than routine maintenance; these updates protect against vulnerabilities that attack…
Ministers have sent an urgent letter to UK business leaders after the NCSC handled 204 nationally significant cyber incidents in the past year, with 18 "highly significant" incidents β a 50% increase for the third consecutive year. Join Mauven MacLeod and Graham Falkner as they unpack the government…
We were wrapping up our interview with Tammy Buchanan about the Kido nursery breach when she said: "Actually, there were some really important points I forgot to make." So we grabbed another cup of tea, broke out the custard creams, and kept recording. Then, during the tea break, Graham discovered s…
Episode Description Following the Kido nursery breach where 8,000 children's photos were stolen and posted online, we sit down with education sector expert Tammy Buchanan. With 15 years working in UK schools and now consulting on data protection compliance, Tammy reveals the shocking reality of cybe…
Host Graham Faulkner dives into Windows 11 25H2 in this solo episode, explaining why this understated update matters for security, stability, and small-business productivity. He breaks down how 25H2 arrives as an Enablement Package (EKB), what that means if youβre already on 24H2, and why the stream…
In 40 years of Information Technology work, Noel Bradford has never been this angry. On September 25th, 2025, the Radiant ransomware gang stole personal data from 8,000 children at Kido International nurseries, posted their photos and medical records online, and then started calling parents at home …
Join hosts Noel Bradford and Mauven McLeod in this Back-to-School special of the Small Business Cybersecurity Guy podcast as they trace a line from 1980s schoolroom mischief to modern, large-scale breaches that put millions of students and small organisations at risk. Through recollections of early …
Co-op's CEO has just confirmed that their cybersecurity disaster cost Β£80 million. The attackers? Teenagers are using basic social engineering. In this Hot Takes episode, we break down how "We've contained the incident" turned into an Β£80 million earnings wipeout, and why the final bill could reach …
Date: 23 September 2025 β Host Mauven McLeod delivers a furious, fast-paced analysis of two seismic cyber incidents and what they mean for UK and global businesses. This episode examines the Jaguar Land Rover and Collins Aerospace ransomware attacks, the human-driven methods that enabled them, and w…
This episode explores the risks of relying on a single IT manager as an entire IT department. Hosts Noel Bradford and Mauven MacLeod unpack why paying one person a modest salary is not the same as buying a full team of specialists, and they share vivid real-world horror stories β from a sudden resig…
Most small business owners think CIO stands for "Chief I-Fix-Everything Officer" and CISO means "Chief I-Worry-About-Security Officer." In this episode, Noel Bradford (actual CIO/CISO) breaks down what these executive roles actually do and why your business desperately needs this strategic thinking …
September 2025 Patch Tuesday: Critical Business Update Special Edition with Graham Falkner Microsoft's September Patch Tuesday brings 81 security fixes, including 9 critical vulnerabilities already being exploited by attackers. This episode provides essential business guidance for small business own…
Episode Summary The Electoral Commission suffered a 14-month data breach affecting 40 million UK voters, yet faced zero ICO enforcement action. Meanwhile, small businesses receive crushing GDPR fines for minor infractions. This explosive episode exposes dangerous double standards leaving SMBs vulner…
π¨ SHOCKING: 60% of Small Businesses Shut Down Forever After Cyberattacks 96% of hackers target YOUR business, not big corporations. Think you're too small to be a target? Think again. Noel and Mauven reveal the brutal truth about cybersecurity that could save your business - or expose why you're al…
K&P Logistics β 158 years in business β wiped out in 48 hours by ransomware. Noel Bradford and Maurven MacLeod unpack that real-world catastrophe to show small businesses how the same fate can be avoided. If you run a local shop, agency or family firm and think cybersecurity is either incomprehe…
π Welcome to the UK's Cyber Graveyard π Over 2,000 jobs GONE. Centuries of business history DELETED. All because of weak passwords and basic security failures that could have been prevented for FREE. π¨ THE VICTIMS: KNP Logistics: 158 years old, Β£94.5M revenue β 730 redundancies Travelex: Global c…
After 17 episodes covering everything from basic password security to nation-state threats targeting corner shops, Noel and Mauven reveal what actually works, what consistently fails, and why most businesses are fighting 2019 threats with 2015 thinking while facing 2025 attack methods. π― Shocking R…
π§ Latest Episode Alert | Fresh intelligence from DefCon 33 reveals how AI-enhanced cyber threats to small business are accelerating rapidly. Techniques demonstrated in Las Vegas are targeting UK businesses within weeks. π¨ Critical Cyber Threats to Small Business AI-Powered Social Engineering 85% s…
π¨ Episode 11: When Your Safety Net Becomes the Target Backup Security Under Fire + Business Email Compromise Reality Check Your backups aren't protecting you anymoreβthey're the primary target. In this explosive double-header episode, we expose why 94% of ransomware attacks now target backup system…
In the final part of our White House CIO Insights series, we explore the cutting-edge AI-powered threats that are transforming cybersecurity. Our special guest Sarah Chen, who heads up AI threat research at a leading UK cybersecurity firm, reveals how artificial intelligence is being weaponized by c…
UK Ransomware Ban: Why Your SMB Just Became a Bigger Target Show: The Small Business Cyber Security Guy Hot Take Hosts: Graham Falkner & Noel Bradford Episode Length: 7:30 Category: Business, Technology Episode Description The UK Government just dropped the most aggressive ransomware policy in t…
Episode Description Join Noel Bradford and Graham Falkner for another cybersecurity hot take as they dive into the alarming world of help desk social engineering attacks. This episode exposes how the notorious Scattered Spider group has weaponized basic human helpfulness to devastating effect, turni…
1984 is here! Just 41 years late - Big Brother is watching and censorship is increasing. The UK's Online Safety Act went live July 25th, 2025. VPN usage exploded 1,400% overnight. Teenagers are using PlayStation screenshots to bypass age verification. Join Noel Bradford and Mauven MacLeod for an eme…
Part 2 of White House CIO Insights Series | ~38 minutes How do you implement White House-level security without White House-level budgets? Building on insights from former White House CIO Theresa Payton's interview with Scammer Payback, Noel and Mauven explore the UK's Cyber Essentials framework - t…
What's scarier - protecting the President or a small business in Manchester? Former White House CIO Theresa Payton says they face exactly the same sophisticated threats now. Runtime: 36 minutes | Series: Part 1 of 3 | Hosts: Noel Bradford & Mauven MacLeodKey Topics Covered Nation-state targeting…
Show Notes Duration: 25:16 Hosts: Mauven MacLeod & Noel Bradford Technical debt isn't just old computers - it's a ticking time bomb in every UK business. When Noel discovers his local Oxford Council data was sitting in legacy systems for 21 years, things get personal. From NHS cyber deaths to Β£1…
Show Guide: When Basics Break - Special Bonus Episode Duration: 9 minutes | Type: Special Episode Episode Summary McDonald's password "123456" exposed 64 million job applications. M&S lost Β£300M to a phone call. Our full team dissects how basic security failures are destroying major brands and w…
Shadow IT: The Unauthorised Technology Inside Your Business 42% of business applications are unauthorised Shadow IT. Your employees have built hackers a data highway while trying to be helpful. What You'll Learn βDetection Methods: DNS monitoring, MDM, endpoint audits, ThreatLocker solutions βGDPR N…
What if hackers are already inside your business... and you invited them in? 63% of data breaches involve third-party vendors. Your payment processor, cloud storage, email provider - any could be the backdoor that destroys your business overnight. WHAT YOU'LL LEARN: Why small businesses are sitting …
Five days ago, it was Israel versus Iran. Over the weekend, American B-2 bombers dropped 14 bunker-busters on Iranian nuclear facilities. Today, your small business became a target in a war you're not even fighting. If you run a UK business using American tech services, and almost certainly yours do…
Noel and Morven explain why passwords are failing us, how bad habits put us at risk, and what small businesses can do about it today. From password overload to the rise of passkeys, this episode is your practical guide to ditching old security mistakes for good.…
This episode unpacks the global impact of Patch Tuesday, its evolution, and the chaos it tamed in cybersecurity. Noel and Mauven explore why patch management matters now more than ever and how attackers are always just one step behindβor sometimes ahead. Real stories and practical insights make sens…
This episode exposes why cyber certifications like ISO27001 and SOC 2 donβt guarantee real security. We break down the difference between frameworks and show how neglecting basic controls leaves even big brands open to attack.…
Iranian cyber attackers arenβt just hackingβtheyβre outsmarting and outmaneuvering defenses through psychological cunning. Noel and Morven break down the real methods behind the headlines, exposing how these groups trick even the savviest users and why old-school security training just isnβt enough …
Most cybersecurity advice is written by people who've never actually stopped a real attack. We're different. We've been on the frontlines of the world's biggest cyber incidents, and we know what actually works when criminals come calling.
No vendor pitches. No theoretical nonsense. Just the brutal truth about what's targeting your business and how to stop it.
Four decades of enterprise experience, from managing security operations at Disney, BBC, and Intel to serving as CIO/CISO of a cryptocurrency exchange. Known for his uncompromising stance on cybersecurity fundamentals and zero tolerance for vendor snake oil.
Former Government Cyber analyst with deep expertise in the UK threat landscape. Provides an insider perspective on government security initiatives, regulatory compliance realities, and the gap between policy and practice.
New episodes drop every Monday at noon.