The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups

Episode Overview Episode Type: Series Preview Trailer Duration: 90 seconds Release Date: December 2025 Series Launch: January 2026 Hosts: Noel Bradford & Mauven MacLeod What You'll Learn Three in the morning. Your phone's ringing. Someone's encrypted your customer database. What do you do? This trailer launches our most ambitious series yet: a six-module programme running January through March 2026 that transforms panic into a complete, tested incident response plan. Each module drops every two weeks, giving you time to implement before the next one arrives. Between modules, normal episodes continue covering current threats, breaches, and patches. This Series Will Give You: Complete incident response framework for small businesses Communication templates you can use during an actual incident Threat-specific playbooks for ransomware, data breaches, and system compromises Testing procedures that prove your plan works under pressure Implementation time built into the schedule Practical guidance for teams with real constraints What This Series Covers Module 1: Incident Response Foundations (Early January 2026) What You'll Build: Clear decision tree for incident classification Role definitions (even if your team is three people) Initial response procedures Documentation requirements Escalation pathways Practical Outputs: Who does what, when, and how Your first response checklist Contact list template Module 2: Building Your Response Team (Late January 2026) What You'll Build: Response team structure for small businesses Role assignments that work with limited staff External contact management Vendor coordination procedures Backup personnel plans Practical Outputs: Team roster with responsibilities External contacts database Succession planning for key roles Module 3: Communication Plans (Early February 2026) What You'll Build: Internal notification procedures Customer communication templates Regulatory reporting guidance Media handling basics Stakeholder management Practical Outputs: Communication templates ready to use Notification timelines Contact escalation matrix Module 4: Threat-Specific Playbooks (Late February 2026) What You'll Build: Ransomware response procedures Data breach protocols System compromise workflows Phishing incident handling Insider threat procedures Practical Outputs: Step-by-step playbooks for each threat type Decision trees for common scenarios Evidence preservation guides Module 5: Testing Your Plan (Early March 2026) What You'll Build: Tabletop exercise framework Simulation scenarios Assessment criteria Continuous improvement process Lessons learned documentation Practical Outputs: Test schedule Simulation scripts Improvement tracking system Module 6: Complete System Integration (Late March 2026) What You'll Build: Your complete, customised IR plan Integration with existing processes Maintenance schedule Annual review procedures Staff training programme Practical Outputs: Final incident response plan document Ongoing maintenance checklist Training materials for your team Between Modules: Normal Episodes Continue Every other week between module releases, you'll get: Latest Breach Analysis: What happened, how it happened, what you can learn Critical Security Patches: What you need to apply and why (see our December 2025 Patch Tuesday analysis) Emerging Threat Intelligence: Current attacks targeting UK small businesses Practical Implementation Guides: Hands-on advice for immediate action Because security doesn't pause whilst you're building your plan. The Two-Week Implementation Rhythm Week 1: Module episode drops Week 2: Implementation time + normal episode Week 3: Next module episode drops Week 4: Implementation time + normal episode This cadence gives you: Time to actually implement each module Space to ask questions and refine Current threat intelligence throughout Sustainable pace for resource-constrained teams Why This Series Matters The UK Small Business Reality Current State: 43% of UK small businesses experienced cyber breaches last year (DSIT 2025) Average breach cost: £250,000 Some breaches exceed £7 million 60% of small businesses close within six months of a major cyber incident NCSC estimates 50% of UK SMBs will experience a breach annually The Gap: 73% have no board-level cybersecurity responsibility (see Episode 31: The Risk Register Argument) Most have no documented incident response plan Existing plans are often enterprise frameworks that don't work for SMBs When incidents occur, response is reactive panic rather than systematic procedure The Opportunity: Having a tested incident response plan can reduce breach impact by up to 70% Cut recovery time significantly Minimise business disruption Demonstrate due diligence for cyber insurance Meet regulatory requirements Protect customer trust This Isn't Enterprise Security Theatre Traditional incident response planning assumes you have: Dedicated security team 24/7 SOC coverage Unlimited budget Complex organisational structure Enterprise-grade tools This series assumes you have: Limited staff wearing multiple hats Constrained budget Time pressure Real business to run Practical need for procedures that actually work Every recommendation is: Tested in actual small business environments Budget-conscious Time-realistic Scalable as you grow Focused on high-impact, low-cost implementations Who Should Listen to This Series This series is particularly relevant for: UK small business owners (5-50 employees) who need incident response capability Startup founders building security from the ground up SME managers responsible for cybersecurity without security backgrounds Solo IT staff who handle everything Business owners who've invested in prevention but lack response capability Anyone who thinks "we're too small to need an incident response plan" Directors concerned about personal liability under the Companies Act Businesses pursuing Cyber Essentials or cyber insurance Professional services firms handling sensitive client data You'll especially benefit if: You've asked "what happens if we get breached?" and had no good answer Your current plan is "call the IT guy and hope" You've got prevention sorted but no response capability You need to demonstrate due diligence for insurance or compliance You're responsible for security but lack formal training Your team is small and you can't afford enterprise solutions What Makes This Series Different Practical Implementation Focus Not theoretical frameworks or consultant waffle. Every module produces concrete, usable outputs you can implement on a Tuesday afternoon between customer calls. Small Business Specific Built for teams of 3-50 people, not Fortune 500 enterprises. Acknowledges real constraints around time, money, and expertise. Tested in Real Environments Every procedure comes from actual small business implementations. No academic theory or enterprise assumptions. Sustainable Pace Two-week rhythm gives you time to implement, refine, and ask questions before the next module arrives. Continuous Relevance Normal episodes between modules keep you current on threats, breaches, and patches whilst you're building your plan. Complete System Six modules build into one cohesive incident response capability, not disconnected tips. Content Calendar January 2026: Week 1: Module 1 - Incident Response Foundations Week 2: Normal Episode (current threats) Week 3: Module 2 - Building Your Response Team Week 4: Normal Episode (current threats) February 2026: Week 1: Module 3 - Communication Plans Week 2: Normal Episode (current threats) Week 3: Module 4 - Threat-Specific Playbooks Week 4: Normal Episode (current threats) March 2026: Week 1: Module 5 - Testing Your Plan Week 2: Normal Episode (current threats) Week 3: Module 6 - Complete System Integration Week 4: Normal Episode (current threats) Subscribe Now Don't miss any module in this series. Subscribe on your preferred platform: Apple Podcasts: Currently ranked #13 in Management category worldwide Spotify: New episodes every week All Major Podcast Platforms: Search for "The Small Business Cyber Security Guy" RSS Feed: Direct feed link Connect With Us Need Help? If you need direct assistance with incident response planning or any cybersecurity topic we cover: Email: [email protected] Website: thesmallbusinesscybersecurityguy.co.uk Resources & Guides Visit our website for: Detailed implementation guides Template downloads Step-by-step walkthroughs All episode show notes and transcripts Blog articles expanding on episode topics Newsletter "No BS Cyber for SMBs" on LinkedIn - practical cybersecurity advice delivered weekly by Noel Bradford Share This Series Know someone who needs this? Share with: Business owners without incident response plans IT managers dealing with limited resources Directors concerned about cyber liability Anyone responsible for small business security About the Hosts Noel Bradford With over 40 years in IT and cybersecurity across enterprises including Intel, Disney, and BBC, Noel now serves as CIO/Head of Technology for a boutique security-first MSP. He brings enterprise-level expertise to small business constraints, translating million-pound solutions into hundred-pound budgets. His mission is making cybersecurity practical and achievable for resource-constrained small businesses. Mauven MacLeod Former UK Government cyber analyst, Mauven brings systematic threat analysis and government-level security thinking to commercial reality. With her Glasgow roots and ex-government background, she translates complex security concepts into practical advice for small businesses, asking the questions business owners actually need answered. Related Episodes & Blog Posts Preparation for This Series: Episode 17: Social Engineering - The Human Firewall Under Siege Episode 30: The Printer Is Watching - IoT Security Episode 29: Reverse Benchmarking - Learning from Disasters Episode 31: Boards, Breaches and Accountability - Risk Registers Related Blog Posts: Reverse Benchmarking: Why Studying Cyber Failures Beats Copying Best Practices The Risk Register Argument - When Your Co-Host Says You're Wrong About Governance How to Build a Cyber Risk Register That Actually Works Your First Cyber Risk Register: 2-Hour Implementation Guide Your £15,000 Security Investment Just Got Defeated by a £300 Printer Three Zero Days And A Christmas Timebomb: December Patch Tuesday Analysis Support the Show If this series provides real value to your business: Leave a Review on Apple Podcasts or Spotify - tell us what you're implementing Share Episodes with other business owners who need this Tell Us What's Landing - your feedback helps us create more useful content Subscribe so you don't miss any modules Legal Disclaimer Everything discussed in this series is for general guidance and educational purposes. It's meant to point you in the right direction but absolutely shouldn't be treated as professional advice tailored specifically to your business. Your situation is unique. What works brilliantly for one business might be completely inappropriate for another. We do our very best to keep everything accurate and current, but the cybersecurity world moves quickly. Things can change between when we record and when you're listening, so always double-check critical technical details with qualified professionals before making major changes to your systems. If we mention websites, products, or services, we're giving you information, not necessarily endorsing them. We can't be responsible for what happens on their end or if things go sideways when you use them. If you're dealing with serious cybersecurity incidents, actual data breaches, or complex compliance issues, please talk to proper professionals rather than just relying on podcast advice. We're here to educate and help you understand the landscape, not to replace your security consultant, solicitor, or IT team. Think of us as your knowledgeable mates down the pub who work in cybersecurity, not your official contracted consultants. We care about your business, but we're not your insurance policy. Stay safe out there, keep learning, and remember: when in doubt, get a second opinion from someone who can see your specific situation. This has been a Small Business Cyber Security Guy production. Copyright 2025, all rights reserved. Series Preview | December 2025 | The Small Business Cyber Security Guy Podcast Hashtags #IncidentResponse #CyberSecurity #SmallBusiness #UKBusiness #SMBSecurity #CyberEssentials #BusinessContinuity #DisasterRecovery #NCSC #InfoSec #RiskManagement #DataProtection #GDPR #CyberInsurance #BusinessResilience #ThreatResponse #SecurityPlanning #UKCyber #EnterpriseSecurity #PracticalSecurity

Welcome to the Small Business Cybersecurity Guy Christmas Special with host Noel Bradford and guests Mauven MacLeod and Graham Falkner. This episode is a rapid-fire, often hilarious and sometimes horrifying roundup of the most spectacular cyber security disasters of 2025, told with a no-nonsense focus on what small businesses should learn from them. We open with the MacHire fiasco: security researchers discovered an admin account on McDonald’s AI hiring chatbot (Paradox.ai/Olivia) protected by the password "123456," exposing up to 64 million applicant records. The researchers reported the flaw; no known mass theft occurred, but the episode underlines vendor risk and the dangers of legacy test accounts and absent MFA. Next, we cover the Louvre post-heist revelations: a €88m jewel theft followed by reports showing decades-old surveillance systems running Windows 2000/XP, passwords like "Louvre" and systemic neglect. The story is used to illustrate how even world-famous institutions fail at basic cyber hygiene. We recap the PowerSchool catastrophe, where a 19-year-old college student used compromised credentials to access a support portal and exposed data on some 62 million students and millions of staff. The attack led to ransom demands, payments, further extortion attempts, criminal charges, and a clear lesson — no MFA, huge consequences. The UK was a hotspot in 2025: Jaguar Land Rover, Marks & Spencer, Co-op, Harrods and others suffered disruptive breaches often rooted in third-party/supply-chain compromises. We also discuss the Foreign, Commonwealth & Development Office breach (detected in October, disclosed in December), suspected China-linked activity, and the difficulties of attribution. In a rapid-fire segment we cover smaller-but-still-impactful stories: a ransomware gang that abandoned an extortion against nurseries after public outrage; attacks on Asahi, DoorDash and Harvard; widespread exploitation of unpatched SharePoint vulnerabilities; and how simple phishing and credential theft continue to be the root cause of major incidents. Key takeaways for small businesses are emphasized throughout: enable multi-factor authentication, use strong unique passwords and password managers, patch promptly, run vendor due diligence and risk registers, train staff on phishing/social engineering, maintain incident response plans, and treat supply-chain security as part of your attack surface. The hosts argue the fundamentals work — do the boring basics correctly. The episode closes with practical advice, links to the revamped blog and Noel’s "No BS Cyber for SMBs" newsletter on LinkedIn, and a festive-but-sober call to change weak passwords (definitely not to "123456") and enable MFA before the new year.   #Cybersecurity #Ransomware #DataBreaches #PasswordSecurity #SupplyChainSecurity #SmallBusiness #UKCyber #InfoSec #Christmas2025 #PowerSchool #McDonalds #JaguarLandRover #ForeignOffice

Do UK small businesses need cyber risk registers? Graham said no. After this 40-minute debate with Noel Bradford, he changed his mind completely. This Small Business Cyber Security Guy podcast episode tackles cyber risk management for UK SMEs through a heated debate about whether small business boards need formal cyber risk registers. UK cyber security statistics that changed Graham's mind: 43% of UK small businesses experienced cyber breaches last year (DSIT 2025) 73% have no board-level cyber security responsibility 28% of SMEs say one cyber attack could close them permanently (Vodafone 2025) Average UK small business breach costs £3,398 Real-world cyber risk register failures: UK manufacturing company with "satisfactory" security controls destroyed by ransomware. Had antivirus, firewalls, backups. No documented cyber risk assessment. No board-level governance. Business nearly closed. Companies Act director duties most UK boards ignore: Section 174 requires directors exercise "reasonable care, skill and diligence" in managing company risks. With 43% breach rates, cyber risk is material. Failure to document cyber risk management exposes directors to personal liability. Practical cyber risk register implementation: ✓ Minimum viable cyber risk register template (8 columns, single spreadsheet) ✓ Board-level cyber security governance framework ✓ Quick remediation: enable MFA, test backup restoration, implement payment verification ✓ NCSC Board Toolkit guidance for UK SMEs ✓ Cyber insurance risk assessment requirements Perfect for UK small business owners, SME directors, startup founders, business managers responsible for cyber security compliance, GDPR, and corporate governance. Listen to this cyber security governance debate and learn why risk registers aren't bureaucracy - they're legal protection for directors and businesses.

Show notes December 2025 just shipped the last Microsoft security fixes of the year. Fifty seven vulnerabilities, three zero days, and one actively exploited Windows privilege escalation that hits almost every supported build. Are you patched before the Christmas break, or are you leaving a present for attackers in January? In this episode, Graham walks through the December Patch Tuesday release for 2025, with a focus on what actually matters for small and medium businesses. You will hear how CVE 2025 62221 in the Windows Cloud Files driver turns a low level account into full system compromise, why Office Preview Pane is once again a risk, and how AI powered tools like GitHub Copilot for JetBrains and PowerShell changes introduce new attack paths. Does your team know about any of that? You also get a fast tour of Adobe and other vendor updates, including ColdFusion, Android, Ivanti, Fortinet, React server components and SAP. Graham then zooms out to review the full year, with more than one thousand one hundred Microsoft vulnerabilities in 2025 and privilege escalation bugs leading the pack. Finally, he explains why the five week gap before the next Patch Tuesday on thirteen January 2026 makes December patching non negotiable. By the end of the episode you will know: Which patches you must treat as emergency work, especially CVE 2025 62221 How Office, Copilot and PowerShell changes affect day to day risk Why Windows 10 without Extended Security Updates is now a business liability What to ask your IT team or provider before everyone disappears for the holidays Are you confident your estate will survive the festive period, or do you need to push patching to the top of the list?

For our 30th episode, we're tackling the cybersecurity blind spot that almost no one discusses but everyone should worry about. You've secured your laptops. You've rolled out multi-factor authentication. Your firewall is properly configured. But what about that office printer quietly storing every contract and payslip you've printed this year on a hard drive nobody ever wipes, with a password an attacker can guess in three tries? This episode reveals the uncomfortable truth about Internet of Things (IoT) devices in your business. We're talking about printers, CCTV systems, smart thermostats, networked door locks, and every other "smart" device you've stopped thinking about as a computer. These forgotten devices are giving attackers a free pass into networks that are otherwise properly secured. We share a real case study from our recent emails about a marketing agency that spent £15,000 on security, passed their audit with flying colours, and still got breached through their office printer. This isn't theoretical paranoia. This is happening right now to businesses that think they've got security sorted. What You'll Learn Why your office printer is possibly the biggest security risk in your building How default passwords on "forgotten" devices create easy access points for attackers The real story of a £15,000 security investment defeated by a £300 printer What network segmentation actually means and why it matters for small businesses How to create and maintain an accurate device inventory Practical steps to secure IoT devices without enterprise budgets Why your CCTV system might be livestreaming to the internet right now How smart thermostats become backdoors into your network Key Topics Covered The Forgotten Device Problem Modern offices are full of computers disguised as other things. Every printer, every CCTV camera, every smart thermostat, and every networked door lock is actually a computer connected to your network. Most businesses secure their obvious computers whilst completely forgetting about these devices, creating perfect entry points for attackers who aren't bothering with sophisticated social engineering when they can just log in with "admin/admin". Real Case Study: The £15,000 Security Investment Defeated by a Printer A 30-person marketing agency listened to our ransomware and authentication episodes, then invested £15,000 in proper security: new firewalls, endpoint protection, hardware authentication keys for every staff member, and a security audit that came back clean. Two months later, they discovered someone had been accessing their client files for weeks through their HP printer that still used factory default credentials. The printer had full network access and stored copies of everything printed. Nobody had changed the password. Nobody had checked it during the audit. Nobody even thought about it. Default Credentials: The Epidemic Nobody Discusses Attackers maintain databases of default passwords for thousands of devices. They don't need to crack complex passwords when they can try "admin/admin" or "admin/password" and gain access to printers, cameras, or thermostats within seconds. These devices often ship with administrative interfaces accessible from the network, and most businesses never change the defaults because they don't think of these devices as security concerns. Network Segmentation Explained (Without Enterprise Complexity) Network segmentation sounds enterprise-level complicated, but the basic concept is simple: not everything on your network should be able to access everything else. Your printer doesn't need access to your accounting server. Your CCTV system doesn't need to reach your customer database. Creating separate network zones for different device types means a compromised printer can't become a stepping stone to your sensitive data. The Device Inventory Challenge Most small businesses have no accurate list of what's actually connected to their network. They know about the laptops and servers but often forget about the smart coffee machine someone plugged in last year, the wireless access points in the meeting rooms, or the networked thermostat the facilities team installed. Without knowing what's connected, you can't secure it. We discuss practical methods for discovering and documenting every device on your network. Practical IoT Security Steps We break down actionable steps that don't require enterprise budgets or dedicated security teams. This includes conducting device audits, changing default passwords, implementing basic network segmentation, regular firmware updates, and creating ownership responsibility for every connected device. The goal is proportionate security that's actually achievable for small businesses. Key Takeaways Every connected device is a computer. If it has an IP address, it's a potential security risk that needs management and protection. Default passwords are attackers' best friends. The first thing to do with any new device is change the administrative password. Never assume factory defaults are acceptable. Network segmentation isn't optional anymore. IoT devices should be isolated from your main business network, even if that means starting with basic VLAN separation. Device inventory is fundamental. You can't secure what you don't know exists. Conduct regular network scans to discover forgotten devices. Ownership matters. Every device needs someone responsible for its security. Don't let devices become "nobody's problem" because that's when they become everyone's problem. Security audits miss IoT devices. Standard security assessments often focus on servers and workstations whilst completely overlooking printers, cameras, and other IoT equipment. Firmware updates apply to everything. IoT devices need security patches just like computers. Many businesses forget this entirely. Your £15,000 security investment can be defeated by a £300 printer. Security is only as strong as your weakest link, and IoT devices are often the weakest links because they're forgotten. Resources & References Mentioned in This Episode Previous Episodes Referenced: Episode 17: Social Engineering - The Human Firewall Under Siege Ransomware episodes (multiple) Authentication episodes featuring Mark Bell Cyber Essentials episodes Electoral Commission accountability episode Hardware Authentication: AuthenTrend hardware keys (mentioned as sponsor) Case Studies: Marketing agency breach via printer (anonymized client) Recommended Reading & Tools NCSC Guidance: National Cyber Security Centre - IoT security guidance Network Discovery Tools: Fing, Advanced IP Scanner, or similar free network scanning utilities Device Documentation: Spreadsheet templates for device inventory available on our website Practical Action Steps This Week: Find your printer's admin interface. Log in. If you can't remember the password, that's probably because it's still set to "admin". Change it. Now. List five connected devices that aren't computers or phones. These are your starting inventory. Check one device's firmware. Is it up to date? When was it last updated? Who's responsible for keeping it current? This Month: Complete device inventory. Use network scanning tools to discover everything connected to your network. Document it all. Change all default passwords. Every printer, camera, thermostat, and access point needs unique, strong credentials. Assess your network segmentation. Can your printer access your file server? It shouldn't. Start planning basic network separation. Assign device ownership. Every device needs someone responsible for its security, updates, and maintenance. This Quarter: Implement basic network segmentation. Even simple VLAN separation is better than everything on one network. Create update schedules. IoT devices need regular firmware updates just like computers. Review and test. Verify your device inventory is accurate. Check that passwords actually changed. Confirm segmentation works. Who Should Listen to This Episode? This episode is particularly relevant for: Small business owners who've invested in cybersecurity but may have overlooked IoT devices IT managers and solo IT staff responsible for securing business networks with limited resources Office managers who purchase and install connected devices without considering security implications Business owners who think they've "done security" but haven't considered printers, cameras, and similar devices Anyone who's ever said "it's just a printer" when security concerns were raised Why This Episode Matters We've covered passwords, multi-factor authentication, ransomware, supply chain attacks, shadow IT, and social engineering across 30 episodes. We've discussed major breaches at household names and examined what it takes to protect heads of state. But we've deliberately avoided IoT security until now because we knew it would make people uncomfortable, possibly angry, and definitely worried. The uncomfortable truth is that whilst you've been securing laptops and servers, your office printer has had full network access, stores every document you print, and still uses the password it shipped with. The CCTV system protecting your premises might be livestreaming to the internet because nobody changed the default settings. The smart thermostat saving you money on heating is potentially giving attackers a way into your network. This isn't theoretical paranoia. We're seeing breaches through IoT devices happen to businesses that have otherwise invested properly in cybersecurity. The marketing agency case study we discuss spent £15,000 on security and still got breached through a printer nobody thought to check during the security audit. IoT security is the blind spot in small business cybersecurity. This episode gives you the knowledge and practical steps to finally address it without enterprise budgets or dedicated security teams. Celebrating 30 Episodes This milestone episode also marks an important achievement for the podcast. Since launching in June 2025, we've: Reached Top 12 in Apple Podcasts Management category worldwide Peaked at 3,500 daily downloads Built an audience that's 47% US, 37% UK despite being a UK-focused show Made cybersecurity almost entertaining whilst maintaining technical accuracy Helped businesses actually implement security improvements, not just understand threats We're genuinely grateful to everyone who's been listening, sharing, and most importantly, doing the work. The chart positions and download numbers are nice, but what matters more is when someone emails to say they've finally sorted Cyber Essentials or retired Dave from IT as a single point of failure. Coming Up Episode 31 (Next Week): Regular episode format continues with another crucial small business cybersecurity topic Episode 32 (22nd December): Christmas Special - a festive take on cybersecurity for small businesses Connect With Us Need Help? If you need direct assistance with IoT device security, Cyber Essentials, network segmentation, or any topic we've covered, contact us at: [email protected] Website & Resources Visit thesmallbusinesscybersecurityguy.co.uk for: Detailed guides on everything we've discussed Step-by-step walkthroughs for printer security, camera configuration, and network segmentation Device inventory templates and checklists All episode show notes and transcripts Subscribe & Follow Apple Podcasts: Currently Top 12 in Management category worldwide Spotify: New episodes every week All major podcast platforms: Search for "The Small Business Cyber Security Guy" Share This Episode Know someone who's ever said "it's just a printer"? They need this episode in their life. Share it with: Business owners who think they've got security sorted IT managers dealing with limited budgets and forgotten devices Office managers who purchase connected devices Anyone responsible for small business network security Support the Show If you've had real value from this podcast: Leave a review on Apple Podcasts or Spotify - tell us what you've actually changed in your business Share episodes with other business owners who need to hear this Tell us what's landing - your feedback helps us create more useful content Subscribe so you don't miss episodes About the Hosts Noel Bradford With over 40 years in IT and cybersecurity across enterprises including Intel, Disney, and BBC, Noel now serves as CIO/Head of Technology for a boutique security-first MSP. He brings enterprise-level expertise to small business constraints, translating million-pound solutions into hundred-pound budgets. His mission is making cybersecurity practical and achievable for resource-constrained small businesses. Mauven MacLeod Former government cyber analyst, Mauven, brings systematic threat analysis and government-level security thinking to commercial reality. With her Glasgow roots and ex-government background, she translates complex security concepts into practical advice for small businesses, asking the questions business owners actually need answered. Graham Falkner Regular contributor and co-host for special episodes, Graham adds additional perspective and helps make complex cybersecurity topics accessible to small business audiences. His role includes managing the legal disclaimers and ensuring content remains grounded in practical business reality. Legal Disclaimer Everything discussed in this episode is for general guidance and educational purposes. It's meant to point you in the right direction but absolutely shouldn't be treated as professional advice tailored specifically to your business. Your situation is unique. What worked brilliantly for one business might be completely inappropriate for another. We do our very best to keep everything accurate and current, but the cybersecurity world moves faster than a caffeinated squirrel. Things can change between when we record and when you're listening, so always double-check critical technical details with qualified professionals before making major changes to your systems. If we've mentioned any websites, products, or services, we're giving you information, not necessarily endorsing them. We can't be responsible for what happens on their end or if things go sideways when you use them. If you're dealing with serious cybersecurity incidents, actual data breaches, or complex compliance issues, please talk to proper professionals rather than just relying on podcast advice. We're here to educate and help you understand the landscape, not to replace your security consultant, solicitor, or IT team. Think of us as your knowledgeable mates down the pub who work in cybersecurity, not your official contracted consultants. We care about your business, but we're not your insurance policy. Stay safe out there, keep learning, and remember: when in doubt, get a second opinion from someone who can see your specific situation. This has been a Small Business Cyber Security Guy production. Copyright 2025, all rights reserved. Episode 30 | December 2025 | The Small Business Cyber Security Guy Podcast