• "It's Not DNS" — Until It Is: The Office Mystery That Always Blames the Translator
    2026/04/20

    Every office has that moment: the site won’t load, someone whispers “DNS,” and immediately half the room turns into a jury with opinions but no evidence. In this episode of Small Business Cybersecurity Guy, Noel Bradford, Mauven MacLeod, Lucy Harper and Graham Falkner turn that reflexive blame into a story—part detective work, part practical guide—about why DNS so often gets accused, what really breaks, and how to stop losing hours to assumptions.

    24 min
  • 167 CVEs and Counting: Patch Tuesday Throws the Kitchen Sink
    2026/04/15

    167 vulnerabilities. Two zero-days. One already used in live attacks. Graham Falkner breaks down April's Patch Tuesday and what your business needs to do today — in under 10 minutes.

    For full show notes etc: see https://thesmallbusinesscybersecurityguy.co.uk/blog/patch-tuesday-april-2026-sharepoint-zero-day-uk-smb/

    10 min
  • From Tokens to Copilot: Fixing the Gaps in Your Microsoft 365 Defenses
    2026/04/13

    They said they were secure because they’d turned on Microsoft 365 and MFA. That should have been the end of the conversation — except it wasn’t. In this episode we follow a small-business saga where confidence meets complacency: a tidy subscription, a proud admin ticked off in the dashboard, and then a perfectly ordinary Tuesday when the finance inbox receives a believable invoice and the lights go out on the company bank balance. This is not a movie heist; it’s bureaucratic sabotage — dull, precise, and devastating.

    We pull the curtain back on how attackers pick the quietest path: mailbox rules that hide replies, forgotten connectors that bypass protections, OAuth prompts that invite parasites in, and session tokens that act like stolen wristbands. We show how MFA, while invaluable, is only one plank in a creaky bridge — and how adversary‑in‑the‑middle phishing, device‑code tricks, and consent abuse let threat actors walk straight across it.

    Through vivid examples — a supplier invoice quietly altered, a payroll request that arrives at just the wrong time, an attacker living in a thread already trusted by your staff — the episode explains why ordinary-looking messages are the most lethal. We interview the patterns, the tiny settings that become permanent vulnerabilities, and the human moments where haste replaces verification. The drama is mundane; the impact is not.

    We also look at the shiny things: Copilot and other productivity tools that can amplify both good work and a breach. If your permissions are messy, Copilot becomes a supercharged searchlight for attackers. If your tenant is tidy, it’s a time-saver. The story shows how the same feature can be helpful or harmful depending on the housekeeping behind it.

    Finally, we turn tension into action with a clear, practical plan: check DMARC, hunt for forwarding rules, revoke suspicious app consents, remove unnecessary admins, and insist on a second verification channel for any money-moving requests. The episode closes with a simple promise — you do not need a fortress on a sandwich budget, you need fewer stupid gaps, better checks, and a bit more suspicion. Listen to this as a warning, a how‑to, and a Monday‑morning checklist for making your business noisier to attackers and faster to respond when things go wrong.

    25 min
  • When Your Cyber Insurance Says 'No': How One Form Field Can Cost You Millions
    2026/04/06

    What if you did everything right — paid the premiums, bought the policy — and on breach day they simply said, "nope"? This episode opens with that cold shock: a tiny answer on a form you filled in 18 months ago about MFA, a quiet clause about state-backed operations, and suddenly a million-pound disaster is met with silence. I'm Mauven MacLeod, joined by Noel Bradford and the velvet tonsils of Graham Falkner, and we walk you into the room where insurers, forensics and legal tests meet your reality.

    We tell the story through the eyes of small business owners — the manufacturer in Leeds, the dental practice in Cardiff — who thought they had done the right thing. You hear the panic calls, the blame-shifting over who completed the proposal form, and the slow, meticulous forensic process that turns your answers into evidence. This is not a lecture; it's a play-by-play of how a policy transforms from protection into an argument when paperwork and proof diverge.

    Along the way we unpack the legal scaffolding that makes insurers act this way: the Insurance Act 2015 and the duty of fair presentation, the three flavours of misrepresentation (innocent, negligent, reckless), and why a single "yes" about multi-factor authentication can become Exhibit A in a claim dispute. We bring to life the tension between good intentions and hard evidence, and why the regulator expects a real connection between the breach and any policy condition.

    We get technical without losing the plot. MFA becomes the episode's poster child; backups, patching, supported software and default admin accounts follow. You hear real examples of partial deployments, legacy carve-outs, and the kind of sloppy patching that turns an insurer's willingness to pay into a months-long negotiation. We explain how forensic teams reconstruct your environment and why the proposal form is no longer just a quote-getter — it's the baseline against which you will be judged.

    Then we raise the stakes: Lloyd's model clauses and the state-backed cyber exclusion that can turn collateral damage from a global campaign into a denied claim. Attribution is messy, the wording can be sweeping, and even a small business can find itself arguing with the market if a headline-grabbing attack drags them into a wider campaign.

    But this is a practical show as much as a cautionary tale. We hand you a pre-breach checklist you can act on this week: pull your proposal and policy, run a line-by-line reality check, harden MFA, tidy backups and patching, document tests and keep the proof. We explain what to do in the first 24–72 hours of a live incident — contain, preserve evidence, call the insurer or hotline, avoid freelance ransom payments, and keep a simple incident log that becomes priceless later.

    By the time we close, you'll understand the ugly truth and the hopeful fix: cyber insurance can save your business, but only if you treat it as a living contract that matches the reality of your IT. This episode is a roadmap and a warning: prepare a little now, keep the evidence, ask awkward questions about your insurance, and you hugely increase the chance you get the support you paid for when it matters most.

    35 min
  • Digital Sour Milk: When Your Tech's 'Still Turns On' is a GDPR Time Bomb
    2026/03/30

    Imagine opening the office fridge and finding a cloudy, unlabeled bottle of milk. You wouldn’t drink it — so why are businesses still running tills, routers and servers on ancient, unsupported software? In this episode Graham, Noel, Lucy and Mauven turn the mic onto the maddening normality of ‘mystery’ machines: the Windows XP till behind the counter, the router older than your youngest employee, the dusty NAS holding the only copy of customer data. With equal parts humour and hard sense, they map food-safety instincts — ‘use by’, ‘best before’, the sniff test — onto the tech that keeps small businesses running.

    Through real-world stories (from cafes and dental practices to corner shops and manufacturers) the hosts show how ‘still turns on’ is not the same as ‘still secure’. End-of-life and end-of-support dates are the invisible expiry stickers businesses ignore at their peril: when security updates stop, so does your defence. Graham lays out pragmatic steps for a no-nonsense tech audit — list devices, note what they do, check support windows, then slap ‘use by’ or ‘best before’ labels on the kit that matters. For anything internet-facing, handling payments, or storing sensitive data, the rule is simple: if it’s out of support, replace it. For unavoidable legacy kit, segment it, lock it down, and plan its retirement.

    Practical, urgent and often funny, this episode is a wake-up call for anyone running a small business: don’t let your tech go off the rails just because the lights still come on. Follow the simple 30-minute ‘milk check’ homework, colour-code your inventory by risk, and commit to one concrete fix this month — whether that’s replacing a router, budgeting for a refresh, or scheduling an audit. Share the episode with that friend still running a mystery Windows box. Your customers — and the regulator — will thank you.

    23 min
  • When Confidence Becomes the Vulnerability: How Ego Opens the Door to Breaches
    2026/03/23

    Tonight’s episode opens in an empty studio, a fridge with two bottles of Prosecco and a conspicuously absent Noel — the perfect stage for a conversation that is equal parts wry and urgent. Three hosts trade jokes and a refill, but the real story soon emerges: many cyber disasters don’t begin with cinematic black‑hat brilliance. They begin with everyday confidence, with the quiet sentence, “We’ll revisit that next quarter.”

    We tell the story through small, human scenes: Davina from IT documenting a firewall hole and being ignored; a busy owner insisting the dashboards look fine; staff pasting customer notes into an AI co‑pilot because it saves time. Those moments feel ordinary, even sensible. But together they create an irresistible path for attackers — unpatched servers, excessive permissions, reused credentials, and shadow SaaS tools that no one thought to approve. The breach that looks sophisticated in a post‑incident writeup often starts with a password used in the wrong place, or a medium finding waved away until it can be chained with others.

    We push back against comforting myths: that a tool equals a process, that your business is too unique to be targeted, or that a theoretical finding can safely wait. Instead, we reframe humility as a security control — a practical habit of updating your view when evidence changes, surfacing awkward truths quickly, and learning without scapegoating. Psychological safety isn’t a workshop buzzword here; it’s the difference between catching a problem early and making headlines.

    The episode then moves into practical, bite‑size remedies you can use this week. Start by asking: What have we delayed because it’s inconvenient? Who has more access than they need? What unsanctioned tools or AI are people using? Where do people raise concerns, and what happens when they do? Make a stop‑doing list: pick one convenience‑led risk and fix or formalize it. Give staff a boring, reliable route to flag risks — a 10‑minute slot in an ops call, a simple shared list, or a no‑blame MSP review — and reward the person who brings bad news early.

    We finish with a quiet but powerful leadership practice: say out loud, “I might be wrong.” That sentence flips the dynamic. It turns performative certainty into honest curiosity, shrinks blast radius by encouraging early action, and makes resilience a habit rather than a purchase order. No giant security teams required — just cleaner permissions, timely patches, governed AI use, and the grit to listen when someone like Davina says, calmly, that something is off.

    By the end of the episode the mood is hopeful. The hosts have had their Prosecco, given practical checklists, and reminded listeners that strong organizations don’t sound the most certain — they admit uncertainty early, correct course quickly, and make space for truth before convenience becomes a liability.

    22 min
  • Don’t Buy the Badge: The Real SMB 1001 Guide for UK Small Businesses
    2026/03/16

    Do small businesses really need another cyber security badge?

    In this episode, Noel Bradford, Mauven MacLeod and Graham Falkner dig into SMB 1001, a five tier cyber security standard aimed at small and medium sized businesses. They break down what the bronze, silver, gold, platinum and diamond levels actually mean, where the framework came from, and whether it has any real value for UK firms.

    The team also looks at how SMB 1001 compares with Cyber Essentials, Cyber Essentials Plus, IASME Cyber Assurance and ISO 27001. More importantly, they ask the question many business owners should be asking already. Do you need another logo for the website, or do you need security controls that actually work?

    Expect plain English, practical analysis, and a healthy level of scepticism about cyber theatre, vanity certifications and providers who still cannot get clients to the basics.

    In this episode
    • What SMB 1001 is and who it is for
    • How the five certification levels work
    • Why it is not a replacement for Cyber Essentials in the UK
    • Where it aligns with good practice and where it does not
    • Which level is realistic for most UK SMEs
    • Why good security matters more than collecting badges

    Why listen?

    If you run a UK small business, buy IT support, fill in supplier questionnaires, or keep hearing about standards and certifications, this episode will help you cut through the noise. What should you actually focus on first? And what is just expensive reassurance dressed up as strategy?

    32 min
  • March 2026 Patch Tuesday — Take It or Stay Vulnerable
    2026/03/11

    Listen in as the Small Business Cybersecurity Guy rips through March 2026 Patch Tuesday like a mechanic with a torque wrench: blunt, precise, and impossible to ignore. This episode opens on a single, brutal premise — Windows updates are not a choose‑your‑own‑adventure. They are binary. You either deploy the cumulative payload or you leave every unpatched edge of your estate like a neon target for attackers. The stakes aren’t fireworks; they’re the slow, quiet escalation chains attackers use after a single phishing click.

    We trace the real playbook attackers follow: step one, land as an ordinary user; step two, chain an Elevation of Privilege. This month Microsoft shipped six EOP fixes — graphics, kernel twice, accessibility, SMB, and WinLogon — and slapped them with "exploitation more likely." In plain English, these are the exact plumbing pieces an intruder needs to turn a compromised laptop or RDS session into full environment control. You’ll hear why delaying the patch is an active, informed choice to leave those doors open.

    Then the narrative sharpens into a thriller: Copilot in Excel. A critical CVE that reads like a very small script with an outsized punch — a near‑zero‑click XSS‑style flaw that can make Copilot agent mode obediently hand over internal secrets. Picture your finance lead or CEO, spreadsheets and Copilot live, and a crafted workbook quietly acting as an insider. No macros, no drama — just a nudge that sends data where it shouldn’t. The episode makes the risk vivid and personal, not academic.

    We also unpack two more critical Office RCEs via the preview pane — the sort of everyday behavior (previewing mail, browsing SharePoint) that real people do all day. Microsoft says exploitation is less likely, but only if you’re patched. The episode forces you to confront the gap between marketing calm and the real-world tradeoffs IT teams make when budgets and reboot windows collide with executive convenience.

    Finally, the show gives you a short, brutal checklist — what to do this week if you run a small business or juggle multiple clients: verify actual build numbers, identify who has Copilot agent mode, sanity‑check DLP and egress for AI tools, and roll in third‑party updates like Acrobat alongside Office and Windows. It’s not a six‑month project; it’s triage and discipline. The narration is urgent but practical, a call to action delivered with the weary authority of someone who’s patched one too many servers at 2 a.m.

    Tune in for a tight, no‑fluff ride through what looks quiet on the surface but is dangerously loud under it — because the difference between a quiet month and a disaster is how long you choose to stay vulnerable. Hit the blog for scripts, guides, and the deeper dive promised at the end of the episode.

    12 min