The Small Business

Cyber Security Guy

Welcome to my personal blog — a space where I share my own views, opinions, and insights on technology, cyber security, and the realities of working in IT.

This blog is entirely personal. The thoughts and opinions expressed here are mine alone. They do not represent the views, policies, or positions of my employer, past or present, or any organisation I’m associated with professionally or personally.

Expect a mix of:

  • Straight-talking advice for small businesses

  • Honest takes on cyber security and IT trends

  • The occasional rant

  • A few war stories from the frontlines (names removed to protect the guilty)

With over 40 years in the industry, I’ve seen a lot — some of it brilliant, some of it baffling.

This blog is where I unpack all of it.

Man wearing glasses and a light gray sweater, smiling
Snap, Crackle, Compromise: How Kellogg's Quietly Served Up Employee Data to Hackers
Breach Reports News Desk Breach Reports News Desk

Snap, Crackle, Compromise: How Kellogg's Quietly Served Up Employee Data to Hackers

Think your breakfast is safe? Think again. WK Kellogg Co.—yes, the cereal giant—just had employee data spilled thanks to a third-party software breach. Hackers from the Clop ransomware gang waltzed in via Cleo’s "secure" file transfer platform and helped themselves to names, addresses, and Social Security numbers.

It’s another textbook example of supply chain negligence dressed up as digital transformation.

If your business relies on vendors without grilling their security, you might as well start pouring milk on your firewall and calling it breakfast. Here's how it happened—and why it should scare the cereal out of you.

Read More
Lazarus Strikes Again: North Korean Hackers Crash the NPM Party
Cyber Security for Small Businesses, News, Alerts Noel Bradford Cyber Security for Small Businesses, News, Alerts Noel Bradford

Lazarus Strikes Again: North Korean Hackers Crash the NPM Party

North Korea's Lazarus hackers are back, gleefully slipping malicious code into popular NPM packages—think razor blades hidden in your Halloween sweets. Hundreds of developers unwittingly invited cybercriminals into their digital lives, losing sensitive data and perhaps some self-respect. This latest supply-chain fiasco underscores a crucial lesson: trust no package blindly.

Treat your code dependencies like milk—check regularly, or risk finding something unpleasantly chunky in your morning coffee. Vigilance isn't optional; it's essential.

Read More

⚠️ Full Disclaimer

This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:

  • My employer

  • Any current or past clients, suppliers, or partners

  • Any other organisation I’m affiliated with in any capacity

Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.

Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.

In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.