Episode 7: Who’s Watching the Phones and Laptops?

Episode 7: Who’s Watching the Phones and Laptops?

Your cyber security is only as strong as the devices connecting to your business. Laptops. Phones. Tablets. Personal devices. Corporate devices. They’ve never been more essential to how we work … and they’ve never been more attractive to attackers. In this episode, Lynn sits down with Callum Archer to explore why endpoints remain one of the most targeted attack surfaces in modern cyber security, and what organisations can do to improve visibility, detection, and response before a small compromise becomes a much bigger problem. Because attackers don’t need to break into every device. They just need one. This conversation unpacks why outdated software, inconsistent device standards, and alert fatigue continue to create opportunities for attackers, particularly in SMB environments where IT teams are often stretched thin. Callum also explains how endpoint security has evolved beyond traditional antivirus, why behaviour-based attacks are becoming more common, and how modern endpoint detection and response tools help organisations identify and contain threats faster. Most importantly, this episode explores the importance of speed. Because when a device is compromised, every second matters. The faster you can detect a threat, contain it, and respond, the less opportunity attackers have to move through your environment and cause damage. Our HIDDEN Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot?hsCtaAttrib=411057601767] helps organisations identify hidden gaps across devices, monitoring, policies, and response capabilities; creating a clearer picture of where endpoint risks actually exist. Key takeaways: * Why endpoints remain a primary target for attackers * The risks created by outdated devices and inconsistent standards * Why traditional antivirus is no longer enough on its own * How behaviour-based attacks are changing cyber security * The importance of detection, response, and threat containment * What good endpoint protection looks like today Chapters: 00:00 Introduction 01:09 Meet Callum Archer 02:08 Why devices remain a prime target 04:19 The unseen cost of vulnerabilities and alert fatigue 07:25 What happens after a device is compromised 09:00 Why antivirus alone isn't enough 10:51 The rise of malware-free attacks 13:10 How inconsistent device standards create risk 16:25 The non-negotiables of endpoint protection 17:39 Measuring your security maturity 19:47 Callum’s advice on what to do when a device is compromised 20:10 Conclusion

Episode 6: Why Backup Isn’t the Same as Recovery

“We have backups.”  It’s one of the most common phrases in cyber security conversations (and one of the most misunderstood).  Because having a backup doesn’t automatically mean your business can recover.  In this episode, Lynn sits down with Steve Hennessy to unpack the critical difference between backup, recovery, business continuity, and resilience, and why testing matters just as much as the backup itself.  When systems go down, the real question isn’t whether a copy of your data exists. It’s how quickly you can get your business operational again.  This conversation explores why untested backups create a false sense of security, how ransomware attackers increasingly target backup systems first, and why assumptions around recovery often fall apart during real-world incidents.  Steve also breaks down the concept of Recovery Time Objectives (RTOs), why downtime impacts every business differently, and how organisations should think about resilience beyond just data storage.  Most importantly, this episode reframes recovery planning as something proactive, not reactive. Because calm, structured decision-making during a crisis only happens when the planning, testing, and preparation have already happened beforehand.  From restore testing and disaster recovery planning to identifying single points of failure, this episode is all about understanding what happens after something goes wrong and whether your business is truly prepared for it.  A Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot] helps organisations identify hidden gaps across backup strategy, resilience, recovery planning, and operational risk: creating a clearer picture of where vulnerabilities exist.  Key takeaways:  * Why backups and recovery are not the same thing   * The risks of relying on untested backups   * Why ransomware attackers target backup systems first   * What Recovery Time Objectives (RTOs) mean   * How business continuity planning improves resilience   * Why testing and preparation matter more than assumptions   Chapters:  00:00 Introduction  01:11 Meet Steve Hennessy  02:15 Why backups alone aren’t enough  05:33 The importance of restore testing  08:17 The danger of assuming recovery will work  10:15 Why attackers target backup systems  13:17 Understanding Recovery Time Objectives (RTOs)  14:41 What downtime really costs a business  10:15 Cyber security and backup systems  18:07 Backup vs recovery explained  19:35 Why business continuity planning matters  22:20 The non-negotiables for resilience  25:50 Steve’s advice on staying calm during a cyber crisis  27:02 Conclusion

Episode 5: Taking Control of Your Data

Your business data is constantly moving. Shared across Teams. Stored in cloud drives. Downloaded onto devices. Sent externally. Duplicated. Renamed. Forwarded. And in many SMBs, nobody has full visibility of where it all lives anymore. In this episode, Lynn sits down with Nisha Sondhi to unpack the growing challenges of data governance, oversharing, and data sprawl. They also discuss why controlling your data has become one of the biggest cyber security challenges facing modern businesses. Because data doesn’t usually become exposed through one dramatic event. It happens gradually. A file gets overshared. Access permissions are never reviewed. Sensitive information sits in the wrong place. A link gets sent externally. And over time, organisations lose track of what’s sensitive, who has access to it, and what’s happening to it. This conversation explores why data classification is often missing in SMB environments, how human behaviour quietly increases risk, and why “everyone has access to everything” creates far more problems than it solves. Nisha also breaks down the growing pressure coming from compliance requirements, insurers, and customers — who increasingly expect organisations to prove they understand where their data lives and how it’s protected. Most importantly, this episode reframes data governance as something practical, not overwhelming. Because good data security isn’t about locking everything down. It’s about balance, visibility, and putting the right controls around the data that matters most. A Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot] helps organisations identify hidden gaps across data sharing, access, governance, and user behaviour: creating a clearer picture of where risk actually exists. Key takeaways: * Why data sprawl creates hidden security risks * The dangers of oversharing inside and outside the business * Why data classification is often missing in SMBs * How compliance and cyber insurance are reshaping data governance * What good data governance actually looks like in practice Chapters: 00:00 Introduction 01:10 Meet Nisha Sondhi 02:10 Why businesses lose track of their data 07:20 Why governance and compliance now matter more 09:05 The problem with unclassified data 12:31 How human behaviour increases data risk 19:20 What to do when sensitive data is exposed 24:04 Conclusion

Episode 4: Who Can Get into Your Business Right Now?

If someone stole a password in your business today, how much could they actually access? That’s the question at the centre of this episode. Lynn sits down with Anton Davies to unpack why identity has become the new perimeter in cyber security, and why attackers are increasingly targeting people, passwords, and access instead of trying to “hack” their way into systems. Because modern cyber attacks often don’t start with breaking in. They start with logging in. This episode explores how compromised identities can quietly open the door to sensitive systems, company data, and internal tools (often without anyone realising until it’s too late). From over-provisioned admin access to forgotten accounts and weak password habits, Anton breaks down the identity gaps that commonly exist inside SMB environments and why they’re so dangerous. The conversation also unpacks the practical side of identity security, including: * Why multi-factor authentication (MFA) should be non-negotiable * How conditional access helps reduce unnecessary risk * Why “too much access” can become a major problem * How small housekeeping habits can dramatically improve visibility and control Most importantly, this episode reframes identity security as something bigger than passwords. It’s about understanding who has access to what, when they should have it, and what happens if those accounts are compromised. Because if identity is now the front door to your business, you need to know exactly who can walk through it. A Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot] helps organisations identify hidden gaps across identity, access, devices, and governance: creating a clearer picture of where exposure actually exists. Key takeaways: * Why identity is now the new perimeter in cyber security * How credential theft leads to larger breaches * The risks of excessive admin access and poor housekeeping * Why MFA and conditional access matter more than ever * How passphrases can strengthen password security Chapters: 0:00 Introduction 1:10 Meet Anton Davies 2:05 Identity as the new perimeter 3:11 Credential theft and its implications 6:21 Security gaps in identity management 7:41 Excessive privilege risks 10:44 Penetration testing explained 11:29 Lifecycle control in identity management 13:57 Non-negotiables for SMB identity security 18:37 Governance and ownership of identity 21:49 Anton’s quick win for password security 24:27 Conclusion

Episode 3: Why 95% of Cyber Breaches Start with People — and What to Do About It

Cyber criminals don’t always need to break through your firewall. Sometimes, they just need someone to click. In this episode, Lynn sits down with James Gaskell to unpack why human behaviour remains one of the biggest cyber security risks facing SMBs today, and why AI-assisted phishing and social engineering attacks are becoming harder to spot than ever. Because modern phishing doesn’t always look suspicious anymore. It looks like urgency. Convenience. A QR code at an event. A message from your bank. A quick request from a colleague. And when people are busy, distracted, or simply trying to get through the day, mistakes happen. That’s exactly what attackers are counting on. But this episode isn’t about blame or fear. It’s about understanding how human risk actually works, and how small, consistent changes can dramatically reduce exposure over time. James explores why cyber security training often becomes a tick-box exercise, how shadow IT and unofficial tools quietly create risk, and why visibility into everyday behaviour matters just as much as the technology protecting your business. Most importantly, this conversation reframes people not as the weakest link, but as a potential line of defence (when they’re supported with the right awareness, guidance, and processes). Improving cyber security starts with understanding where your gaps are and building from there. A Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot] helps organisations identify those hidden gaps across people, devices, access, and data – creating a clearer picture of where risk actually sits. Key takeaways: · Why phishing attacks are still so effective · How AI is changing social engineering attacks · The hidden risks created by everyday behaviour · Why cyber awareness training often falls short · How to turn people into a stronger line of defence Chapters: 00:00 Introduction 01:01 Meet James Gaskell 02:18 Why phishing still works 05:10 How social engineering became more convincing 11:16 Why attackers target behaviour, not systems 13:04 The hidden gaps in everyday cyber habits 14:48 Shadow IT and the visibility problem 17:40 Moving from reactive to proactive security 19:28 Turning people into part of the defence 22:03 Measuring human risk properly 23:18 James’s final advice 24:18 Conclusion