
The Small Business Cyber Security Guy
Welcome to my blog and podcast, where I share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.
Everything here is personal. These are my thoughts, not those of my employer, clients, or any poor soul professionally tied to me. If you’re offended, take it up with me, not them.
What you’ll get here (and on the podcast):
Straight-talking advice for small businesses that want to stay secure
Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense
The occasional rant — and yes, the occasional expletive
War stories from the frontlines (names changed to protect the spectacularly guilty)
I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.
This blog and the podcast are where I unpack it all. Pull up a chair.

EU Bans SIM Farms – Years Too Late, As Usual
The EU has finally banned SIM farms — about five years after scammers used them to turn SMS networks into a cybercrime playground. Bravo. This industrial-scale abuse wasn’t exactly a secret, yet regulators somehow needed a multi-year nap before acting.
Businesses were battered, individuals scammed, networks flooded, and now, just as criminals are moving on to bigger, nastier tricks, the ban lands with all the urgency of a snail on sedatives.
It’s the right move, just years too late. If this is what "proactive" cybersecurity looks like, we might all want to invest in stronger helmets.

M&S Ransomware Chaos: Scattered Spider Breaches Percy Pig's Safehouse
HACKERS HAVE TAKEN PERCY PIG HOSTAGE — and Marks & Spencer is fumbling the ransom call. In the most British cyber disaster yet, Scattered Spider cracked open M&S's network like a soggy trifle, stole their passwords, locked up their servers, and left Colin the Caterpillar trembling. Payments broken. Orders vanished. Cakes missing in action. Meanwhile, M&S says it's all just “minor disruption” — right, and the Blitz was a minor weather event. Dive into the unbelievable timeline of how Percy, Colin, and an entire retail giant got steamrolled by hackers who aren’t even old enough to remember dial-up.

Over 4,000 WordPress Sites Hacked – All Thanks to Yet Another Plugin Flaw
More than 4,000 WordPress websites have been hacked thanks to a critical vulnerability in the WP-Automatic plugin.
The flaw (CVE-2024-27956) allows unauthenticated attackers to inject malicious code, redirect users, and install backdoors—all without logging in.
Despite a patch being available, thousands of sites remain vulnerable due to poor update practices and weak plugin hygiene.
This isn't just another WordPress scare story—it's a glaring example of why unmanaged, unmonitored websites are a security liability.
If you’re still treating your website like a digital brochure from 2010, it’s time to wake up before Google blocks you altogether.

Lazarus Strikes Again: North Korean Hackers Crash the NPM Party
North Korea's Lazarus hackers are back, gleefully slipping malicious code into popular NPM packages—think razor blades hidden in your Halloween sweets. Hundreds of developers unwittingly invited cybercriminals into their digital lives, losing sensitive data and perhaps some self-respect. This latest supply-chain fiasco underscores a crucial lesson: trust no package blindly.
Treat your code dependencies like milk—check regularly, or risk finding something unpleasantly chunky in your morning coffee. Vigilance isn't optional; it's essential.
⚠️ Full Disclaimer
This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:
My employer
Any current or past clients, suppliers, or partners
Any other organisation I’m affiliated with in any capacity
Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.
Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.
In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.