In the fast-evolving world of cybersecurity, software, operating systems, and applications are constantly being refined, improved, and, crucially, secured. Regular updates, also known as patching, are not merely about gaining new features or improving performance; they are an absolutely critical cybersecurity practice. Neglecting updates is like leaving your digital doors wide open after a burglar has already identified the weak spots.

In cybersecurity, access control for users is about ensuring that only authorised individuals can access specific systems, applications, and data, and only to the extent necessary for their role. This principle is often referred to as the "principle of least privilege"  – granting users the bare minimum permissions required to perform their job functions, and nothing more.

Your Wi-Fi network and broader internal networks are the digital gateways to all your connected devices, resources and data. Just as a physical building needs secure entrances, your networks require robust access controls to prevent unauthorised entry and protect everything within. Ignoring network security is like leaving your front door wide open.

The shift to remote work has transformed how we work, but also introduces new cyber security challenges, particarly around access control in a less structured environment, like a home office.  When working off site,  your personal network and devices become potential entry points into your organisation's systems, making robust access control crucial.

Multi factor authentication is considered the most impactful single step you can take to strengthen your access control to digital accounts, systems and data. While a strong password is your first line of defence, MFA adds a critical second (or more) layer of verification, making it much harder for cyber criminals to gain unauthorised entry, even if they've stolen your password.

Following the Kido nursery breach we've previously published information about, one of our consultants was invited to be guest on the Small Business Cyber Security Guy's podcast.

Cyber security awareness isn't static; it evolves with new threats and changes in technology.  

Technology alone will not fully protect an organisation; people are often considered the weakest link or biggest vulnerability in the security chain, but they can also be the strongest. Cyber security training is not just an option, but an absolute necessity.

Cyber security has many levels; policies and procedures are about establishing clear rules, guidelines and processes that govern how information is handled within an organisation.  Well-defined policies and procedures serve as the blueprint for your cyber security program, ensuring consistent practices, reducing human error and providing a framework for accountability.

Before you can effectively improve your cyber security, you must first understand where you are - Understand Your Cyber Posture. It involves a thorough evaluation of your existing security measures, identifying vulnerabilities, and understanding the risks you face.  You can't protect what you don't know you have or what weaknesses you might have hidden

🔚Microsoft will officially end support for Windows 10 on October 14th 2025 - this means no more security updates, bug fixes or technical support.

Education providers are prime targets for cyber attacks due to the sensitive personal data they hold, with often limited IT resources to protect it.

Preventing ransomware attacks requires a multi-layered approach.  Regular backups are crucial - ensure they are isolated and tested. Employee training is paramount; staff must be able to recognise a phishing attempt.  All software and systems should be updated to patch vulnerabilities.  Strong access controls and MFA for all accounts will prevent up to 89% of data beaches.

The headlines often focus on large organisations or governments falling victim to cyber attacks, such as M&S and the Co-op, however, there is an increasing number of attacks on schools and colleges.  A ransomware attack on a school can be particularly devastating, crippling operations, disrupting learning and putting sensitive student and staff data at risk.

Creating a cyber action plan will help you navigate the digital world safely.  A well thought out plan can help you with a structured approach to improving your security posture, help identify weaknesses and ensure a rapid response when an incident occurs.  It can move you from reactive panic to proactive preparedness.

While cyber security may sound complex and something just for 'the IT department', that couldn't be further from the truth.  Cyber security is a shared responsibility, and every individual from the CEO down to the newest apprentice, plays a vital role in protection themselves and their broader digital ecosystem.

Even with the robust preventative measures, cyber attacks can happen.  The key is is not to panic and to have a plan, most organisations will call this a cyber incident response plan.  Knowing what to do in the immediate aftermath can significantly mitigate the damage, limit data loss and speed up recovery.

On day 3 of Cyber Security Awareness Month we are looking at data security.  Data Security refers to the measures taken to protect date from unauthorised access, corruption or theft throughout its lifecycle.

Our second day of Cyber Security Awareness Month is about controlling access to your personal information and how it is used. Personal data is now constantly being collected, processed and shared.  Privacy protection is about exercising control over who has access to your personal data and how it is used.

October is Cyber Security Awareness Month!  And although we don't think that Cyber Security awareness is something to cover just once in the year,  we are dedicating this month to raising awareness about digital safety.

A cyber attack on nursery chain, Kido claims to have stolen photos, names and addresses of around 8,000 children.  The information includes parental details and carers and safeguarding notes.

The Cyber Assessment Framework (CAF) is cyber security guidance for organisations that play a vital role in the day-today life in the UK and organisations should look to it as guidelines for helping keep data safe.

Given the Public Sector Fraud Authority estimates that every year between £39.9 billion and £58.5 billion of taxpayer's money is subject to fraud and error, it's no wonder the UK Government has published some guidance about fraud awareness.

With the recent Data Use and Access Act, organisations must now be more precise than ever about how they handle data rights concerns; the complaints process for data rights is clarified and formalised. This article discusses best practice around which complaints process to use when you receive a complaint.

Joe Tidy, BBC's Cyber correspondent has published a blog about cyber crime in schools following the ICO issuing a warning about the 'worrying trend' of students hacking their own school and college IT systems for fun or as part of dares. We explore the situation and what you should do when it happens.

Parents of a school in Birmingham are concerned that a school has accidentally shared a spreadsheet which contained student names for children in Year 7 to Year 11 and parental contact details.

We've updated and added some new policies, including the Data Protection Policy, Model Redaction Guidelines, Data Rights Complaints Process, Freedom of Information Policy, SAR Procedure Template, SAR Response Template, Subject Access Request Clarification Template.  This article shows an amendments made to the documents.

The latest release of the "Keeping Children Safe in Education" guidance brings important updates for schools and colleges, including points relating to the rapidly evolving digital landscape.  Most of the changes in this year's guidance are technical.

We've published a new e-learning module for 2025 data protection training.

The recent data breach involving Online SCR, an online provider of single central record (SCR) services, has put the personal data of education staff at risk.  The breach was a result of a cyber attack on a subcontractor.