Ever cut a cost that seemed obviously wasteful, only to discover you'd destroyed something far more valuable? Welcome to the Doorman Fallacy —it's probably happening in your business right now.

In this episode, Noel Bradford introduces a concept from marketing expert Rory Sutherland's book "Alchemy" that explains precisely why "sensible" security cost-cutting so often leads to catastrophic consequences. Through five devastating real-world case studies, we explore how businesses optimise themselves into oblivion by defining roles too narrowly and measuring only what's easy to count.

Spoiler alert: The doorman does far more than open doors. And your security measures do far more than their obvious functions.

1. The Security Training Fallacy (Chapter 2)

2. The Cyber Insurance Fallacy (Chapter 3)

3. The Dave Automation Fallacy (Chapter 4)

4. The MFA Friction Fallacy (Chapter 5)

5. The Vendor Relationship Fallacy (Chapter 6)

Common pattern: Small measurable savings, catastrophic unmeasurable consequences.

Before cutting any security costs, ask yourself:

Review your most recent efficiency or cost-cutting decision. Ask:

Instead of measuring cost-per-hour or savings-per-quarter, measure:

Budget constraints are legitimate. The solution isn't "never cut anything." It's:

"The doorman's job is opening doors. So we replaced him with an automatic door. Saved £35,000 a year. Lost £200,000 in revenue because the hotel stopped feeling luxurious. That's the Doorman Fallacy." — Noel

"Security training's nominal function is delivering information. Its actual function is building culture. Cut the training, lose the culture, then wonder why nobody reports suspicious emails anymore." — Noel

"We saved £8,000 on training. Spent £70,000 on the Business Email Compromise attack that training would have prevented. The CFO was very proud of the efficiency gains." — Noel

"You can't prove a negative. Can't show the value of the disasters you prevented because they didn't happen. So the training gets cut, the insurance gets cancelled, and everyone acts surprised when the predictable occurs." — Mauven

"The efficiency consultant's dream outcome: Measurable cost eliminated, unmeasurable value destroyed, everyone confused about why things feel worse despite the improvement." — Noel

Total Runtime: Approximately 62 minutes

Authentrend - Biometric FIDO2 Security Solutions

This episode is brought to you by Authentrend, which provides passwordless authentication solutions that address the friction problem discussed in Chapter 5. Their ATKey products use built-in fingerprint authentication—no passwords, no PIN codes, just five-second authentication that's both convenient AND phishing-resistant. Microsoft-certified, FIDO Alliance-trusted, and designed for small businesses that need enterprise-grade security without enterprise-level complexity.

Learn more: authentrend.com

Mentioned in This Episode:

Useful Tools & Guides:

UK-Specific Resources:

Noel Bradford brings 40+ years of IT and cybersecurity experience from Intel, Disney, and the BBC to small-business cybersecurity. Now serving as CIO/Head of Technology for a boutique security-first MSP, he specialises in translating enterprise-level security to SMB budgets and constraints.

Mauven MacLeod is an ex-government cyber analyst who now works in the private sector helping businesses implement government-level security practices in commercial reality—her background bridges national security threat awareness with practical small business constraints.

New episodes every Monday at Noon UK Time!

Never miss an episode! Subscribe on your favourite podcast platform:

Help us reach more small businesses:

Connect with us:

#Cybersecurity #SmallBusiness #SMB #InfoSec #CyberInsurance #MFA #SecurityTraining #ITManagement #BusinessSecurity #RiskManagement #DoormanFallacy #BehavioralEconomics #SecurityROI #UKBusiness #CostBenefit #SecurityCulture #IncidentResponse #VendorManagement #Authentrend #FIDO2 #PasswordlessAuthentication

The Small Business Cyber Security Guy Podcast provides educational information and general guidance on cybersecurity topics. Content should not be considered professional security advice for your specific situation. Always consult qualified cybersecurity professionals for implementation guidance tailored to your organisation's needs.

Copyright © 2025 The Small Business Cyber Security Guy Podcast. All rights reserved.

Got a question or topic suggestion? Email us at [email protected] or leave a comment below!

Hosts Mauven MacLeod and Graham Falkner deliver a fiery rant about the recent AWS US East 1 DNS outage and what it reveals about our dependence on cloud services. In this episode, they unpack the outage's real-world impact — from Snapchat and Venmo outages to Philips Hue bulbs and automated litter boxes going dark — and share colourful personal anecdotes, including a navigation fail on a Loch Lomond walk and a high‑tech mattress that turns into an expensive paperweight when the cloud hiccups.

The pair dig into the technical and cultural roots of the problem: DNS as an ageing single point of failure, the dangers of concentrating critical infrastructure in one region, cost‑cutting that sacrifices resilience, and the worrying effects of automation and staff churn. They discuss how small businesses, banks, gaming platforms, and everyday consumers all found themselves unable to process payments, take bookings, or even turn on a light due to a single regional fault.

Mauven and Graham also examine the human side of outages — exhausted sysadmins, online threads that read like group therapy, and the blurred line between human operators and automated systems shipping production code. They mock the absurdity of smart devices that need the internet to perform basic functions, and contrast that with the resilience of simple, offline tech (their beloved vinyl collections make a cameo).

Finally, the episode offers a clear call to action: rethink resilience. Topics covered include multi‑cloud and hybrid strategies, decentralisation, offline fallback modes or “stupid mode” for essential devices, and the need to prioritise technical debt and redundancy over short‑term savings. Expect sharp humour, practical frustrations, and a promise of tangible fixes and advice in the next episode — plus plenty of memes and sympathy for the folks keeping the lights on.

Vendors love throwing around "InfoSec," "CyberSec," and "IT Security" like they're selling completely different solutions. Half the time it's the same thing with three different price tags. The other half? You're buying protection that doesn't address your actual risks.

With 50% of UK small businesses hit by cyber incidents in 2025 and 60% closing within six months of severe data loss, getting this wrong isn't just expensive—it's potentially fatal to your business.

Noel Bradford (40+ years wrangling enterprise security at Intel, Disney, and BBC) and Mauven MacLeod (ex-Government Cyber analyst who's seen threats at the national security level) cut through the marketing rubbish to explain what each approach actually does, what they really cost, and which one your business needs right now.

No vendor pitch. No corporate speak. Just the brutal truth about what works for UK SMBs.

Special Listener Offer: £40 per FIDO2 security key (regular £45) - Valid until December 22nd, 2025

We only accept sponsorships from companies whose products we already recommend to clients. Authentrend's ATKey series provides FIDO Alliance Level 2 certified, phishing-resistant authentication at competitive pricing. Same cryptographic protection as premium brands, without the premium price tag.

Why we're comfortable with this sponsorship: We've been specifying Authentrend keys for UK SMB clients for months because the math works. FIDO2 hardware security keys stop the credential phishing attacks that cause 85% of cyber incidents. At £40-45 per key (two per employee for backup), you're looking at £80-90 per person for protection that actually works.

Learn more: authentrend.com

Authentrend ATKey Series (Episode Sponsor)

Why hardware security keys matter:

15-20 employee business, first year total: £6,200-£14,500

Ongoing costs (Year 2+): £3,800-£11,100 annually

Noel Bradford - CIO/Head of Technology, Boutique Security First MSP

Mauven MacLeod - Ex-Government Cyber Analyst

We only accept sponsorships from security vendors whose products we already recommend to UK SMB clients independently. If we wouldn't deploy it ourselves or specify it for consulting engagements, we won't accept sponsorship money for it.

Why Authentrend: We've been recommending their FIDO2-certified hardware security keys to clients for months because:

Don't let perfect be the enemy of good. Start with what you can manage, do it properly, and build from there.

"Government Cyber Initiatives: Why Whitehall's Digital Strategy Keeps Failing UK Businesses"

The NCSC produces world-class guidance. Unfortunately, most of it assumes you have dedicated security teams and enterprise budgets. We'll examine why government cybersecurity initiatives consistently miss the mark for the businesses that need help most, and what UK SMBs should actually implement instead.

The biggest security risk is doing nothing while you debate the perfect approach.

Stop wasting money on expensive security theatre. Start with IT Security fundamentals that actually protect against the threats you face. Get phishing-resistant authentication in place. Test your backups. Train your staff.

Everything else can come later.

#Cybersecurity #InformationSecurity #ITSecurity #UKSmallBusiness #SMB #UKGDPR #CyberEssentials #DataProtection #ICO #BusinessSecurity #CyberThreats #SecurityBudget #NCSC #UKBusiness #SmallBusinessUK #FIDO2 #PhishingResistant #MFA #Authentrend #HardwareSecurityKeys #AuthenticationSecurity

Noel and Mauven unpack Discord’s third-party breach that exposed government-ID checks from age-appeal cases, then weigh it against Westminster’s push for a nationwide digital ID. It’s a frank look at how outsourcing, age-verification mandates and data-hungry processes collide with real-world security on the ground. Expect straight talk and practical fixes for UK SMBs.

What actually happened at Discord: a contractor compromise affecting support/Trust & Safety workflows, not Discord’s core systems; notifications issued; vendor relationship severed; law-enforcement engaged.

Why age-verification data is dynamite: passports and licences used for “prove your age” are a high-value, high-liability dataset for any platform or vendor.

The UK digital ID plan, clarified: free digital ID, phased rollout this Parliament, and mandatory for Right to Work checks rather than everyone by default. What that means for employers, suppliers and software choices.

Public sentiment vs promised safety: Britons broadly back “age checks” in principle but expect more data compromise and censorship risk, and doubt effectiveness.

You can’t outsource accountability. If a payroll, KYC, helpdesk or verification vendor mishandles data, your customers still see your name on the breach notice.

Age and identity checks creep into ordinary business flows. HR onboarding, ticketing, and customer support can accumulate sensitive documents if you let them.

Centralising identity increases the jackpot for attackers. Your job is to minimise what you collect and partition what you must keep.

Do not collect what you can’t protect. Prefer attribute proofs over document uploads.

Limit blast radius. Separate systems, short retention, hard deletion, and vendor access that is time-boxed and device-checked.

Contract like you mean it. Specify MFA, device compliance, immutable logging, breach SLAs, and verifiable deletion in vendor agreements.

Prepare your Right-to-Work path now. Choose flows that avoid copying and storing underlying documents.

Map every place you’re collecting ID or age proof today. Kill non-essential collection.

Where age is required, adopt attribute-based verification that proves “over 18” without revealing full identity.

Move any remaining uploads behind automatic redaction, strict retention, and encryption with keys you control.

Enforce vendor MFA via your IdP, require compliant devices, and review access logs weekly.

Run DPIAs for onboarding, support and HR flows that touch identity documents.

Rehearse your breach comms. Aim to say: “only an age token was exposed, not source documents.”

Setting the scene: a breach born in the support queue

Why ID uploads are a liability multiplier

The UK’s digital ID plan, without the spin

Vendor risk is your risk

Practical fixes you can implement before lunch

Q&A and what to do if you uploaded ID to Discord

Treat notices as real; monitor credit; be alert to targeted phishing; don’t re-upload documents to unsolicited “verification” links.

Subscribe, rate and review. Share this episode with a business owner who still stores passport scans in their helpdesk.

Send questions or topic requests for future episodes.

Microsoft has released the October 2025 Patch Tuesday update, and the numbers tell a serious story: 172 security flaws patched, six of them zero-day exploits already in the wild. For UK small businesses, this is more than routine maintenance; these updates protect against vulnerabilities that attackers are actively exploiting to break into systems like yours.

Graham Falkner cuts through the technical jargon to explain what these updates actually mean for your business, shares a real-world story of a local bakery that nearly lost everything, and walks through the practical steps you need to take today.

Linda's Bakery nearly lost a week's worth of turnover after ransomware exploited an unpatched zero-day vulnerability. The attack was fast, the data was locked, and only a quick backup restoration saved her business. Graham uses this story to demonstrate why these updates have tangible consequences for small businesses across the UK.

Beyond patching vulnerabilities, the October update brings nine useful new features for Windows 11 versions 25H2 and 24H2:

Improved Phishing Protection

Enhanced Device Control Settings

Wi-Fi Security Dashboard

Built-in Password Manager Improvements

AI Actions in File Explorer

Notification Centre on Secondary Monitors

Moveable System Indicators

Administrator Protection

Passkey Support for Third-Party Providers

Schedule Your Updates

Verify Installation Success

Back Up Before Updating

Know Your Rollback Options

Document Your Process

Regular Review Schedule

Consider Automation

Staff Training

"When you've got bugs that can lead to unauthorised access, stolen data, or a business-crippling ransomware attack, you simply can't afford to fall behind."

"These updates have real-world impact. I'm not talking theoretical."

"Don't leave your business exposed whilst attackers are combing these patch notes, looking for firms running behind."

"Not updating isn't just risky, it's old-fashioned."

"The strongest business is the one that learns just a bit faster than the crooks."

Whether you're a florist in Aberdeen or a solicitor's office in Kent, cybersecurity isn't about ticking an IT box. These updates protect your ability to keep the cash register ringing and maintain customer trust.

Business-crippling ransomware attacks don't just happen to large corporations. Small businesses are increasingly targeted because attackers know you often lack dedicated IT resources and may be running behind on updates.

Whilst Graham doesn't dive deep into compliance in this Hot Take, remember that unpatched systems can create regulatory headaches:

Microsoft removed the Agere Modem driver (ltmdm64.sys) after evidence of abuse for privilege escalation. If you rely on Fax modem hardware using this driver, it will cease functioning after this update.

Host: Graham Falkner

Like this Hot Take if you found it useful

Your engagement helps us reach more small businesses who desperately need practical cybersecurity guidance. Every share might save another business from becoming next month's ransomware statistic.

Visit thesmallbusinesscybersecurityguy.co.uk for:

Looking for more context on topics mentioned in this Hot Take? Check out these related episodes:

Episode 17: Social Engineering - The Human Firewall Under Siege

Episode 10: White House CIO Insights Part 3 - Advanced Threats & AI

Enhanced Supply Chain Security

Ministers have sent an urgent letter to UK business leaders after the NCSC handled 204 nationally significant cyber incidents in the past year, with 18 "highly significant" incidents – a 50% increase for the third consecutive year. Join Mauven MacLeod and Graham Falkner as they unpack the government's wake-up call and translate ministerial warnings into concrete actions every business leader can take today.

"Any leader who fails to prepare for that scenario is jeopardising their business's future... It is time to act." - Richard Horne, CEO of NCSC

"Hostile cyber activity in the UK is growing more intense, frequent and sophisticated. There is a direct and active threat to our economic and national security." - Ministerial Letter, 13 October 2025 - Ministerial letter on cyber security

"While you can plan meticulously, nothing truly prepares you for the moment a real cyber event unfolds. The intensity, urgency and unpredictability of a live attack is unlike anything you can rehearse." - Shirine Khoury-Haq, CEO of The Co-op Group

Mauven MacLeod - Ex-NCSC cyber security expert with Glasgow roots who translates government-level threat intelligence into practical advice for small businesses.

Graham Falkner - The unmistakable voice from UK cinema trailers, now bringing his theatrical gravitas and storytelling skills to demystify cybersecurity for business leaders.

Visit our blog: thesmallbusinesscybersecurityguy.co.uk

Like the show? Subscribe, leave a review, and share with colleagues.

Episode Length: ~8 minutes

Bottom line: Nearly half of NCSC incidents are now nationally significant. It's time to act.

We were wrapping up our interview with Tammy Buchanan about the Kido nursery breach when she said: "Actually, there were some really important points I forgot to make."

So we grabbed another cup of tea, broke out the custard creams, and kept recording.

Then, during the tea break, Graham discovered something on Twitter: VX-Underground, a credible malware research collective, had posted a screenshot of what appears to be a Kido GitHub repository containing API code. Files that typically contain system credentials. A potential smoking gun.

In Part 2, Tammy reveals what was missed in Part 1, including the game-changing fact that cybersecurity is now officially linked to safeguarding in the 2025 Keeping Children Safe in Education guidance. We examine the repository screenshot and discuss what it suggests about how breaches like this happen.

This isn't theory. This appears to be a real-world example of the vulnerability that could lead to children's data being stolen. And your child's school might have the same exposure.

Recorded in the same session as Part 1. This is what happens when cybersecurity news moves faster than podcast recording sessions.

Currently ranked in the Top 100 Apple Business Podcasts (US)

This episode is sponsored by Authentrend Biomentric Hardware 

If you listened to Part 1 and thought "that's bad but it won't happen to us," Part 2 will change your mind.

The game-changer: Cybersecurity is now safeguarding, not just IT. Schools can't ignore it anymore.

The smoking gun: A screenshot showing what appears to be exposed code—the exact type of vulnerability experts warn about.

The corrections: What we got wrong in Part 1, and why the reality is even more serious.

On 28 September 2025, VX-Underground (a credible malware research collective) posted a screenshot showing what appears to be a GitHub repository:

This screenshot shows the exact type of vulnerability cybersecurity experts warn about:

We present this as a plausible explanation based on professional analysis, not as a confirmed fact.

For the first time, statutory safeguarding guidance for UK schools explicitly mentions taking appropriate actions to meet the Cyber Security Standard.

What this means:

When it takes effect: The 2025 guidance is already in force. Schools should be implementing now.

Why schools don't know: Most haven't read the updated guidance yet. Awareness is the first problem.

What we said in Part 1: "Only 50% of schools have MFA enabled"

What Tammy clarified: That 50% is misleading because many schools have partial MFA - only for senior staff like head teachers and SENCOs.

The reality: Partial MFA = NO MFA. It's like locking your front door but leaving all the windows open. Attackers target the weakest link, not the strongest.

The phone problem: Many MFA solutions require phones for authentication, but safeguarding policies ban phones in classrooms. Schools need hardware tokens or authenticator apps on shared devices.

Where MFA works: Primarily email systems currently - but email is the gateway to everything else (password resets, system access, parent communications).

The misconception: "We pay an IT company, so they're handling DfE Digital Standards compliance for us."

The reality: DfE Standards explicitly state it's the organisation's responsibility to ask: "Are we meeting this standard? How do we meet this standard?"

What IT providers should do: Help implement technical controls

What schools must do: Verify compliance is actually happening

Who's responsible: School leadership, governors, senior management - not outsourceable

Correction: Staff must be given Time Off In Lieu (TOIL) for cybersecurity training. They cannot be expected to complete training unpaid outside work hours.

Why it matters: Schools operating on tight budgets must account for training time in scheduling and costs.

Keeping Children Safe in Education 2025

DfE Digital Standards for Schools

NCSC Cyber Assessment Framework (CAF)

NCSC Early Years Settings Guidance

GitHub Secret Scanning

DfE Digital Standards Webinars

Title: Senior Data Protection Consultant

What makes Tammy credible: She's not a theoretical expert. She's been the person fixing school printers at 8am, dealing with budget constraints, navigating safeguarding policies. When she says "schools don't have the expertise," she's speaking from lived experience.

Expertise:

Email: [email protected]

Copy these questions and email them to your head teacher:

Don't accept: "We have an IT company, they handle all this."

If you have any custom software, ask your developer:

Red flags:

The pattern Tammy sees constantly:

One credential compromise = full breach

Constraints schools face:

What needs to change:

The safeguarding link is the breakthrough - schools MUST respond to safeguarding requirements.

Tammy on partial MFA:

"It's like locking your front and back doors and then leaving all the downstairs windows open. I consider that to be NOT having MFA enabled."

Tammy on the safeguarding link:

"Schools can ignore IT recommendations. They can say 'no budget, we'll get to it eventually.' But you cannot ignore safeguarding. Safeguarding is non-negotiable."

Tammy on the repository:

"This is actually more common than people think, especially in education. Somebody builds something, pushes it to GitHub for version control, and doesn't think about security."

Tammy on compliance responsibility:

"Your IT provider should help you meet the standards, but the responsibility for checking remains with the school leadership. And most schools don't realise that."

Noel on the repository screenshot:

"The attack vector wasn't sophisticated hacking. It appears to be 'your code was accessible on the internet with the keys to the kingdom visible in the files.'"

Share this episode if:

Tag: #CyberSecurity #Education #Safeguarding #DataProtection #Kido #DfEDigitalStandards

Share quote: "Cyber security is now officially SAFEGUARDING in UK schools. Not optional IT. Not nice-to-have. SAFEGUARDING. This changes everything."

Website: thesmallbusinesscybersecurityguy.co.uk

Currently ranked Top 100 Apple Business Podcasts (US)

Part 1: The Education Data Protection Gap (listen first)

The Kido Hot Take 

Hosts:

Guest:

Production:

Special mention:

This podcast provides general information about cybersecurity topics for educational purposes. Listeners should consult a professional for their specific situation.

Regarding the repository screenshot: We present analysis based on a screenshot from a credible source (VX-Underground). The repository has been removed and we cannot independently verify its contents. Our discussion represents a professional assessment based on typical development practices, not a confirmed fact about the specific breach mechanism.

The views expressed by guests are their own and do not necessarily reflect the views of the hosts or production team.

Full transcript available at: thesmallbusinesscybersecurityguy.co.uk/transcripts

Accessibility: Contact us for alternative formats

Next time: Infosec, Cybersec, and IT security - They are the same right?? Spoiler Alert: No they are not!

Coming soon: More deep dives into small business cyber security. Subscribe so you don't miss it.

Published: 13 October 2025

Stay safe out there. Check your repositories. Enable MFA for everyone. And remember, cybersecurity is safeguarding now.

Following the Kido nursery breach where 8,000 children's photos were stolen and posted online, we sit down with education sector expert Tammy Buchanan. With 15 years working in UK schools and now consulting on data protection compliance, Tammy reveals the shocking reality of cybersecurity in British education. From nurseries using platforms like Famly and Tapestry to primary schools struggling with basic MFA implementation, this conversation exposes systematic failures that put every child's data at risk. If you're a parent, school governor, or education professional, this episode will change how you think about school security.

Currently ranked in the Top 100 Apple Business Podcasts (US)

Tammy Buchanan

Email: [email protected]

Tammy and her team (including a solicitor) work with schools across the UK on data protection compliance, information security, and cyber resilience. They provide free resources and news updates for schools on their LinkedIn page.

Government and Regulatory:

Platforms Discussed:

Security Standards:

Additional Resources:

For Parents:

For School Leaders:

For Governors:

This episode exposes a systematic failure in UK education cybersecurity. Schools operate under considerable constraints, including volunteer governance, stretched budgets, and part-time IT support. Meanwhile, they hold treasure troves of children's data on platforms configured by people who lack security expertise. The Kido breach reveals what happens when one password unlocks 8,000 children's intimate moments. Most schools are one credential compromise away from the same fate. Until cybersecurity becomes statutory or linked to Ofsted inspections, progress will remain painfully slow.

Website: thesmallbusinesscybersecurityguy.co.uk

Help us grow: Leave a review, subscribe, and share this episode with parents, teachers, and school governors who need to hear this message.

Host Graham Faulkner dives into Windows 11 25H2 in this solo episode, explaining why this understated update matters for security, stability, and small-business productivity. He breaks down how 25H2 arrives as an Enablement Package (EKB), what that means if you’re already on 24H2, and why the streamlined rollout keeps disruptions to a minimum.

The episode covers key technical and practical changes: removal of legacy components like PowerShell 2.0 and WMIC, continued performance improvements (CPU scheduling, memory management, faster startups), and expanded Wi‑Fi 7 support. Graham highlights Microsoft’s shift toward continuous monthly innovation and why that helps maintain a more secure, reliable environment without waiting for big yearly releases.

Security is a major focus: Graham explains Microsoft’s Secure Future initiative, which brings AI-assisted secure coding and enhanced vulnerability detection into the development and post-release lifecycle. He frames these advances for small business owners, showing how better detection and automated security practices reduce risk and downtime.

Practical deployment and lifecycle details are explained clearly: support-cycle resets (24 months for Home/Pro, 36 months for Enterprise/Education), how to get 25H2 via the “Get the Latest Updates” toggle, controlled rollouts and device holds, and enterprise deployment options like Windows AutoPatch and the Microsoft 365 Admin Center. He also covers admin-friendly improvements such as removing preinstalled Microsoft Store apps with Intune or Group Policy.

The episode closes with hands-on advice: check the Windows Release Health Hub for known issues, back up critical machines before upgrading, verify driver and app compatibility, and prepare rollback plans for important systems. Graham adds a personal anecdote about preparing his vinyl-catalog PC for the update and stresses that 25H2 is about steady, practical improvements—safer, faster, and less disruptive for both single machines and fleets.

In 40 years of Information Technology work, Noel Bradford has never been this angry. On September 25th, 2025, the Radiant ransomware gang stole personal data from 8,000 children at Kido International nurseries, posted their photos and medical records online, and then started calling parents at home to demand ransom payments. This isn't just another data breach. This is the moment cybercrime lost whatever soul it had left.

In this raw, unfiltered episode, Noel breaks down exactly what happened, why the security failures that enabled this attack exist in thousands of UK small businesses right now, and what you need to do immediately to protect your organisation from becoming the NEXT headline.

WARNING: This episode contains strong language and discusses disturbing tactics used by cybercriminals. Parental guidance advised.

Government & Law Enforcement:

Cybersecurity Experts:

Direct Victims:

Threat Actors:

"What happened to Kido International this week represents the absolute lowest point I've witnessed in 40 years of cybersecurity."

"These hackers didn't just encrypt some files and demand payment. They actively posted samples of children's profiles online. Then they started ringing parents directly."

"You're not special. You're not too small. You're not immune. You're just next on the list unless you take action."

"The hackers claim they 'deserve some compensation for our pentest.' Let that sink in. They're calling this a penetration test."

"A child's photo, name, and home address in criminal hands. This data doesn't expire. It doesn't get less valuable. It just sits there, a permanent risk to these families."

"None of these failures are unique to nurseries or large organizations. I see the same problems in small businesses every single week."

"You're making the same mistakes that led to 8,000 children's data being posted on the dark web. The only difference is scale."

Need Help With Your Cybersecurity? Equate Group

If this episode made you think differently about cybersecurity, please:

The information provided in this podcast is for educational and informational purposes only. It does not constitute legal, financial, or professional cybersecurity advice. Always consult with qualified professionals regarding your specific situation. Opinions expressed are those of the host and do not necessarily reflect the views of any organisations mentioned.

Full episode transcript available at: TBC

#Cybersecurity #Ransomware #DataBreach #SmallBusiness #KidoHack #UKBusiness #CyberCrime #DataProtection #GDPR #InformationSecurity #CyberAwareness #ThreatIntelligence #BusinessSecurity #RansomwareAttack #ChildSafety

© 2025 The Small Business Cyber Security Guy Podcast. All rights reserved.