Episode 3: Why 95% of Cyber Breaches Start with People — and What to Do About It

Episode 6: Why Backup Isn’t the Same as Recovery

“We have backups.”  It’s one of the most common phrases in cyber security conversations (and one of the most misunderstood).  Because having a backup doesn’t automatically mean your business can recover.  In this episode, Lynn sits down with Steve Hennessy to unpack the critical difference between backup, recovery, business continuity, and resilience, and why testing matters just as much as the backup itself.  When systems go down, the real question isn’t whether a copy of your data exists. It’s how quickly you can get your business operational again.  This conversation explores why untested backups create a false sense of security, how ransomware attackers increasingly target backup systems first, and why assumptions around recovery often fall apart during real-world incidents.  Steve also breaks down the concept of Recovery Time Objectives (RTOs), why downtime impacts every business differently, and how organisations should think about resilience beyond just data storage.  Most importantly, this episode reframes recovery planning as something proactive, not reactive. Because calm, structured decision-making during a crisis only happens when the planning, testing, and preparation have already happened beforehand.  From restore testing and disaster recovery planning to identifying single points of failure, this episode is all about understanding what happens after something goes wrong and whether your business is truly prepared for it.  A Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot] helps organisations identify hidden gaps across backup strategy, resilience, recovery planning, and operational risk: creating a clearer picture of where vulnerabilities exist.  Key takeaways:  * Why backups and recovery are not the same thing   * The risks of relying on untested backups   * Why ransomware attackers target backup systems first   * What Recovery Time Objectives (RTOs) mean   * How business continuity planning improves resilience   * Why testing and preparation matter more than assumptions   Chapters:  00:00 Introduction  01:11 Meet Steve Hennessy  02:15 Why backups alone aren’t enough  05:33 The importance of restore testing  08:17 The danger of assuming recovery will work  10:15 Why attackers target backup systems  13:17 Understanding Recovery Time Objectives (RTOs)  14:41 What downtime really costs a business  10:15 Cyber security and backup systems  18:07 Backup vs recovery explained  19:35 Why business continuity planning matters  22:20 The non-negotiables for resilience  25:50 Steve’s advice on staying calm during a cyber crisis  27:02 Conclusion

Episode 5: Taking Control of Your Data

Your business data is constantly moving. Shared across Teams. Stored in cloud drives. Downloaded onto devices. Sent externally. Duplicated. Renamed. Forwarded. And in many SMBs, nobody has full visibility of where it all lives anymore. In this episode, Lynn sits down with Nisha Sondhi to unpack the growing challenges of data governance, oversharing, and data sprawl. They also discuss why controlling your data has become one of the biggest cyber security challenges facing modern businesses. Because data doesn’t usually become exposed through one dramatic event. It happens gradually. A file gets overshared. Access permissions are never reviewed. Sensitive information sits in the wrong place. A link gets sent externally. And over time, organisations lose track of what’s sensitive, who has access to it, and what’s happening to it. This conversation explores why data classification is often missing in SMB environments, how human behaviour quietly increases risk, and why “everyone has access to everything” creates far more problems than it solves. Nisha also breaks down the growing pressure coming from compliance requirements, insurers, and customers — who increasingly expect organisations to prove they understand where their data lives and how it’s protected. Most importantly, this episode reframes data governance as something practical, not overwhelming. Because good data security isn’t about locking everything down. It’s about balance, visibility, and putting the right controls around the data that matters most. A Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot] helps organisations identify hidden gaps across data sharing, access, governance, and user behaviour: creating a clearer picture of where risk actually exists. Key takeaways: * Why data sprawl creates hidden security risks * The dangers of oversharing inside and outside the business * Why data classification is often missing in SMBs * How compliance and cyber insurance are reshaping data governance * What good data governance actually looks like in practice Chapters: 00:00 Introduction 01:10 Meet Nisha Sondhi 02:10 Why businesses lose track of their data 07:20 Why governance and compliance now matter more 09:05 The problem with unclassified data 12:31 How human behaviour increases data risk 19:20 What to do when sensitive data is exposed 24:04 Conclusion

Episode 4: Who Can Get into Your Business Right Now?

If someone stole a password in your business today, how much could they actually access? That’s the question at the centre of this episode. Lynn sits down with Anton Davies to unpack why identity has become the new perimeter in cyber security, and why attackers are increasingly targeting people, passwords, and access instead of trying to “hack” their way into systems. Because modern cyber attacks often don’t start with breaking in. They start with logging in. This episode explores how compromised identities can quietly open the door to sensitive systems, company data, and internal tools (often without anyone realising until it’s too late). From over-provisioned admin access to forgotten accounts and weak password habits, Anton breaks down the identity gaps that commonly exist inside SMB environments and why they’re so dangerous. The conversation also unpacks the practical side of identity security, including: * Why multi-factor authentication (MFA) should be non-negotiable * How conditional access helps reduce unnecessary risk * Why “too much access” can become a major problem * How small housekeeping habits can dramatically improve visibility and control Most importantly, this episode reframes identity security as something bigger than passwords. It’s about understanding who has access to what, when they should have it, and what happens if those accounts are compromised. Because if identity is now the front door to your business, you need to know exactly who can walk through it. A Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot] helps organisations identify hidden gaps across identity, access, devices, and governance: creating a clearer picture of where exposure actually exists. Key takeaways: * Why identity is now the new perimeter in cyber security * How credential theft leads to larger breaches * The risks of excessive admin access and poor housekeeping * Why MFA and conditional access matter more than ever * How passphrases can strengthen password security Chapters: 0:00 Introduction 1:10 Meet Anton Davies 2:05 Identity as the new perimeter 3:11 Credential theft and its implications 6:21 Security gaps in identity management 7:41 Excessive privilege risks 10:44 Penetration testing explained 11:29 Lifecycle control in identity management 13:57 Non-negotiables for SMB identity security 18:37 Governance and ownership of identity 21:49 Anton’s quick win for password security 24:27 Conclusion

Episode 3: Why 95% of Cyber Breaches Start with People — and What to Do About It

Cyber criminals don’t always need to break through your firewall. Sometimes, they just need someone to click. In this episode, Lynn sits down with James Gaskell to unpack why human behaviour remains one of the biggest cyber security risks facing SMBs today, and why AI-assisted phishing and social engineering attacks are becoming harder to spot than ever. Because modern phishing doesn’t always look suspicious anymore. It looks like urgency. Convenience. A QR code at an event. A message from your bank. A quick request from a colleague. And when people are busy, distracted, or simply trying to get through the day, mistakes happen. That’s exactly what attackers are counting on. But this episode isn’t about blame or fear. It’s about understanding how human risk actually works, and how small, consistent changes can dramatically reduce exposure over time. James explores why cyber security training often becomes a tick-box exercise, how shadow IT and unofficial tools quietly create risk, and why visibility into everyday behaviour matters just as much as the technology protecting your business. Most importantly, this conversation reframes people not as the weakest link, but as a potential line of defence (when they’re supported with the right awareness, guidance, and processes). Improving cyber security starts with understanding where your gaps are and building from there. A Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot] helps organisations identify those hidden gaps across people, devices, access, and data – creating a clearer picture of where risk actually sits. Key takeaways: · Why phishing attacks are still so effective · How AI is changing social engineering attacks · The hidden risks created by everyday behaviour · Why cyber awareness training often falls short · How to turn people into a stronger line of defence Chapters: 00:00 Introduction 01:01 Meet James Gaskell 02:18 Why phishing still works 05:10 How social engineering became more convincing 11:16 Why attackers target behaviour, not systems 13:04 The hidden gaps in everyday cyber habits 14:48 Shadow IT and the visibility problem 17:40 Moving from reactive to proactive security 19:28 Turning people into part of the defence 22:03 Measuring human risk properly 23:18 James’s final advice 24:18 Conclusion

Episode 2: Cyber Security Made Simple: A Six-Area Framework for SMBs

You’ve bought the tools. Firewall. Antivirus. Backups. Maybe even advanced detection. So why does it still feel like something’s missing? In this episode, we move beyond awareness and into something most SMBs don’t have: structure. Lynn sits down with Adam Bearder (the mind behind HIDDEN) to unpack a problem many businesses recognise but struggle to articulate: security that looks solid on paper, but doesn’t hold up in practice. Because the issue isn’t usually a lack of technology. It’s a lack of clarity. Who owns what? What happens when something goes wrong? Are alerts being acted on, or just ignored? And most importantly: do you actually know where your weakest point is? This is where HIDDEN comes in. HIDDEN isn’t another product or a list of tools. It’s a simple, structured way to understand your cyber security. So you can see where you’re strong, where you’re exposed, and what to fix next. At its core are six areas every business relies on: ·        Human risk – how your people behave and where mistakes can happen ·        Identity – who has access to what, and how that access is controlled ·        Data – how your information is stored, used, and shared ·        Disaster recovery – how quickly you can recover when something goes wrong ·        Endpoint protection – how your devices are kept secure day to day ·        Network & cloud – how everything connects and where risks can enter Individually, most businesses have pieces of this covered. But rarely do they have a clear, joined-up view across all of them. And that’s the gap. Because once you can see your weakest area, you can do something about it. If you take one thing from this episode, it’s this: Stop reacting and buying tools for the sake of it, and start by understanding where you actually stand. Our  Cyber Security Snapshot [https://info.babble.cloud/cyber-security-snapshot] is designed to do exactly that: give you a clear starting point so you can move forward with confidence, not assumptions. Key takeaways: ·        Why having more tools doesn’t always mean better security ·        How “tool sprawl” can quietly increase your risk ·        What cyber security maturity actually looks like in practice ·        The six areas that define your overall security ·        Why confidence comes from knowing your weakest link Chapters: 00:00 Introduction 01:04 Meet Adam Bearder 02:47 Why you still feel exposed despite buying all the tools 07:07 The concept of maturity in cyber security 09:54 Exploring the six areas of the HIDDEN framework 16:49 Shared language between leadership and IT 19:34 Adam’s final advice 21:02 Conclusion