Think your MSP has your back? Think again. In Part 4 of Breached, we unpack the brutal truths most businesses only learn after the worst happens.

From useless logs to skyrocketing insurance, and a support ticket that nearly destroyed everything, this is the roadmap you wish you had before the call came. Ten hard lessons, zero fluff.

Why your MSP is there to sell, not protect. Why a good fractional CIO is worth their weight in gold. And why silence from your IT provider isn’t just dangerous—it might be deliberate. This isn’t theory. It’s survival. And you’d better be ready.

Think you're too small to be a target? Think again. UK small businesses are now the top attack vector for state-backed hackers from Russia and China, and your half-baked cybersecurity is a red carpet to our critical infrastructure.

M&S, Harrods, and the Co-op didn’t get hit by chance, they got hit through you. If you’re in the supply chain without Cyber Essentials Plus, real EDR, or even basic patching, you’re not just vulnerable — you’re a national liability. Time to grow up or get out of the way.

The breach was just the beginning. In Part 3 of Breached, the truth is out—and now come the consequences. The MSP tried to hide a misconfiguration. They failed.

Now the clients are calling, the regulators want answers, and the business owner is left holding the fallout. From a quiet boardroom to sleepless nights and rising insurance premiums, this is what happens when a cover-up gets exposed. Contracts are cancelled. Trust evaporates.

And the worst part? It all could have been prevented. If you've ever wondered what happens after the breach, this is the chapter that shows just how far it spreads.

What happens when your IT provider makes a mistake—and then tries to hide it? In Part 2 of Breached, a hidden support ticket, a missing firewall log, and over 400 unpatched vulnerabilities unravel a small business’s trust in the team meant to protect them.

The MSP said, “Don’t tell the client.” But she was accidentally copied in. What followed was seven days of denial, silence, and mounting pressure—until the truth was read aloud, word for word, in a boardroom gone cold. This isn’t about poor support. This is about betrayal, exposure… and what happens when you catch someone in the lie.

Katie Roberts thought it was just another Tuesday—until her personal phone rang at 11:27 a.m. The voice on the other end wasn’t a client. It was the National Crime Agency. Within minutes, her calm, structured world tilted on its axis. A cyber breach. Live. Real. Observed. And her business—the one she’d built from scratch—was now under threat. No plan. No warnings. Just a quiet office and a slow, sinking realisation that everything was about to change. What do you do when your worst-case scenario starts with a phone call? You listen. You freeze. And then… you start asking questions.

Samsung has once again reminded us why blind trust is a cybersecurity death sentence. Researchers discovered a massive vulnerability in Galaxy devices' Secure Element — the hardware vault meant to protect your biometrics and encryption keys. Attackers could exploit this “inadvertent” flaw remotely, with Samsung quietly patching it months later and offering zero transparency.

No warnings. No device list. Just a silent fix and crossed fingers. If you own a Galaxy, you're now part of a grand experiment called cybersecurity roulette. Trust nothing. Verify everything. Then verify it again — especially when your vendor’s motto is basically “Oops, sorry!”

Think 2025 would be the year we finally nailed DDoS protection? Think again. Some poor online betting site just got steamrolled by a 1Tbps brute-force attack — and the industry is clutching its pearls like it’s 2005. Guess what?

If you’re running a high-value, downtime-sensitive business without bulletproof DDoS mitigation, you’re basically waving a “please fuck up my day” flag at the internet. This wasn’t a sophisticated hack; it was raw, stupid power.

And it still worked. If your master plan is “hope and pray,” you deserve every packet flood coming your way. Dive into this raging breakdown of why businesses are still flailing when the digital shitstorm hits.

Spoiler: it's entirely their own bloody fault.

The UK’s new Cyber Security and Resilience Bill is about to shake things up – hard. With fines of up to £100,000 per day for failing to report serious cyber incidents, the days of shrugging off IT failures are officially over.

Critical suppliers like MSPs are firmly in the government’s sights, and mandatory reporting within 24 hours means businesses must be ready to move fast. But is it enough?

Will this finally close the gaps attackers have exploited for years, or will it pile more pressure on already stretched organisations? One thing is clear: ignoring cyber security is no longer an option.

Paper password managers. Charming relics of a simpler time... or a catastrophically bad idea in 2025?

At home? Fine. Lock it up tighter than your secret stash of biscuits.

At work? Absolutely fucking not.

Unless your business strategy includes "hoping Karen does not spill coffee on the master admin password" – get a proper password manager.

Maybe, maybe a sealed "break glass" password for your CRM or M365 admin account. And I mean sealed like you are guarding the Crown Jewels.

Want the full sarcastic (and slightly sweary) breakdown?

Still clinging to that dusty old server from 2012? So are the hackers. Legacy systems are not just outdated — they are a neon sign flashing “easy target” above your business.

Whether you run a small law firm, an accountancy practice, or any small business handling client data, ignoring your ageing IT is a fast track to fines, breaches, and reputational disaster.

DPP Law learned this the hard way with a £60,000 fine. Will you be next?

Find out why modernising your systems is no longer optional — and how a little cyber hygiene today could save your firm tomorrow.

In April 2025, the global cybersecurity world almost lost CVE — the bedrock of vulnerability tracking — not to hackers, but to sheer bureaucratic incompetence. While politicians played games and cyber defenders were told to look the other way, the fragile, outdated systems of CVE and CVSS staggered toward collapse.

We didn’t fix them. We barely taped them back together. This isn’t just a story of near-miss disaster — it’s a full-blown indictment of cybersecurity's rotting foundations. If we do not burn it all down and rebuild, the next collapse won’t be a warning. It will be the end.

Think Windows 11 was secure? Think again. A critical flaw let attackers hijack full admin control in just 300 milliseconds using a tired old trick – DLL hijacking. Microsoft called it “Important” (because, sure, SYSTEM access is casual now), but for the rest of us, it was a neon sign saying “Hack me.”

Find out how your phone link feature became a hacker’s dream, why millions were left exposed for six months, and why patching yesterday might still not save you. How many ticking time bombs are hiding in Windows 11? Are you ready for the next one?

Google is stepping up Android security by introducing an automatic reboot feature. If your phone remains idle for three days after a critical update, it will now reboot itself to apply the patch and enhance your protection. This smart move helps close the vulnerability window users often leave open by ignoring reboot prompts.

Designed to be seamless and non-intrusive, the feature ensures devices are updated without disrupting daily use.

While not mandatory across all manufacturers yet, it signals a strong shift towards making mobile cybersecurity automatic, effortless, and unavoidable — exactly what modern users need in today’s fast-evolving threat landscape.