It’s one of the most common phrases in cyber security conversations (and one of the most misunderstood). 

Because having a backup doesn’t automatically mean your business can recover. 

In this episode, Lynn sits down with Steve Hennessy to unpack the critical difference between backup, recovery, business continuity, and resilience, and why testing matters just as much as the backup itself. 

When systems go down, the real question isn’t whether a copy of your data exists. It’s how quickly you can get your business operational again. 

This conversation explores why untested backups create a false sense of security, how ransomware attackers increasingly target backup systems first, and why assumptions around recovery often fall apart during real-world incidents. 

Steve also breaks down the concept of Recovery Time Objectives (RTOs), why downtime impacts every business differently, and how organisations should think about resilience beyond just data storage. 

Most importantly, this episode reframes recovery planning as something proactive, not reactive. Because calm, structured decision-making during a crisis only happens when the planning, testing, and preparation have already happened beforehand. 

From restore testing and disaster recovery planning to identifying single points of failure, this episode is all about understanding what happens after something goes wrong and whether your business is truly prepared for it. 

A Cyber Security Snapshot helps organisations identify hidden gaps across backup strategy, resilience, recovery planning, and operational risk: creating a clearer picture of where vulnerabilities exist. 

Key takeaways: 

• Why backups and recovery are not the same thing  

• The risks of relying on untested backups  

• Why ransomware attackers target backup systems first  

• What Recovery Time Objectives (RTOs) mean  

• How business continuity planning improves resilience  

• Why testing and preparation matter more than assumptions  

Chapters: 

00:00 Introduction 
01:11 Meet Steve Hennessy 
02:15 Why backups alone aren’t enough 
05:33 The importance of restore testing 
08:17 The danger of assuming recovery will work 
10:15 Why attackers target backup systems 
13:17 Understanding Recovery Time Objectives (RTOs) 
14:41 What downtime really costs a business 
10:15 Cyber security and backup systems 
18:07 Backup vs recovery explained 
19:35 Why business continuity planning matters 
22:20 The non-negotiables for resilience 
25:50 Steve’s advice on staying calm during a cyber crisis 
27:02 Conclusion  

Shared across Teams. Stored in cloud drives. Downloaded onto devices. Sent externally. Duplicated. Renamed. Forwarded.

And in many SMBs, nobody has full visibility of where it all lives anymore.

In this episode, Lynn sits down with Nisha Sondhi to unpack the growing challenges of data governance, oversharing, and data sprawl. They also discuss why controlling your data has become one of the biggest cyber security challenges facing modern businesses.

Because data doesn’t usually become exposed through one dramatic event.

It happens gradually.

A file gets overshared.
Access permissions are never reviewed.
Sensitive information sits in the wrong place.
A link gets sent externally.

And over time, organisations lose track of what’s sensitive, who has access to it, and what’s happening to it.

This conversation explores why data classification is often missing in SMB environments, how human behaviour quietly increases risk, and why “everyone has access to everything” creates far more problems than it solves.

Nisha also breaks down the growing pressure coming from compliance requirements, insurers, and customers — who increasingly expect organisations to prove they understand where their data lives and how it’s protected.

Most importantly, this episode reframes data governance as something practical, not overwhelming.

Because good data security isn’t about locking everything down.

It’s about balance, visibility, and putting the right controls around the data that matters most.

A Cyber Security Snapshot helps organisations identify hidden gaps across data sharing, access, governance, and user behaviour: creating a clearer picture of where risk actually exists.

Key takeaways:

• Why data sprawl creates hidden security risks
• The dangers of oversharing inside and outside the business
• Why data classification is often missing in SMBs
• How compliance and cyber insurance are reshaping data governance
• What good data governance actually looks like in practice

Chapters:

00:00 Introduction
01:10 Meet Nisha Sondhi
02:10 Why businesses lose track of their data
07:20 Why governance and compliance now matter more
09:05 The problem with unclassified data
12:31 How human behaviour increases data risk
19:20 What to do when sensitive data is exposed
24:04 Conclusion

That’s the question at the centre of this episode.

Lynn sits down with Anton Davies to unpack why identity has become the new perimeter in cyber security, and why attackers are increasingly targeting people, passwords, and access instead of trying to “hack” their way into systems.

Because modern cyber attacks often don’t start with breaking in.

They start with logging in.

This episode explores how compromised identities can quietly open the door to sensitive systems, company data, and internal tools (often without anyone realising until it’s too late). From over-provisioned admin access to forgotten accounts and weak password habits, Anton breaks down the identity gaps that commonly exist inside SMB environments and why they’re so dangerous.

The conversation also unpacks the practical side of identity security, including:

• Why multi-factor authentication (MFA) should be non-negotiable
• How conditional access helps reduce unnecessary risk
• Why “too much access” can become a major problem
• How small housekeeping habits can dramatically improve visibility and control

Most importantly, this episode reframes identity security as something bigger than passwords.

It’s about understanding who has access to what, when they should have it, and what happens if those accounts are compromised.

Because if identity is now the front door to your business, you need to know exactly who can walk through it.

A Cyber Security Snapshot helps organisations identify hidden gaps across identity, access, devices, and governance: creating a clearer picture of where exposure actually exists.

Key takeaways:

• Why identity is now the new perimeter in cyber security
• How credential theft leads to larger breaches
• The risks of excessive admin access and poor housekeeping
• Why MFA and conditional access matter more than ever
• How passphrases can strengthen password security

Chapters:

0:00 Introduction
1:10 Meet Anton Davies
2:05 Identity as the new perimeter
3:11 Credential theft and its implications
6:21 Security gaps in identity management
7:41 Excessive privilege risks
10:44 Penetration testing explained
11:29 Lifecycle control in identity management
13:57 Non-negotiables for SMB identity security
18:37 Governance and ownership of identity
21:49 Anton’s quick win for password security
24:27 Conclusion

Sometimes, they just need someone to click.

In this episode, Lynn sits down with James Gaskell to unpack why human behaviour remains one of the biggest cyber security risks facing SMBs today, and why AI-assisted phishing and social engineering attacks are becoming harder to spot than ever.

Because modern phishing doesn’t always look suspicious anymore.

It looks like urgency. Convenience. A QR code at an event. A message from your bank. A quick request from a colleague. And when people are busy, distracted, or simply trying to get through the day, mistakes happen.

That’s exactly what attackers are counting on.

But this episode isn’t about blame or fear.

It’s about understanding how human risk actually works, and how small, consistent changes can dramatically reduce exposure over time.

James explores why cyber security training often becomes a tick-box exercise, how shadow IT and unofficial tools quietly create risk, and why visibility into everyday behaviour matters just as much as the technology protecting your business.

Most importantly, this conversation reframes people not as the weakest link, but as a potential line of defence (when they’re supported with the right awareness, guidance, and processes).

Improving cyber security starts with understanding where your gaps are and building from there.

A Cyber Security Snapshot helps organisations identify those hidden gaps across people, devices, access, and data – creating a clearer picture of where risk actually sits.

Key takeaways:

· Why phishing attacks are still so effective

· How AI is changing social engineering attacks

· The hidden risks created by everyday behaviour

· Why cyber awareness training often falls short

· How to turn people into a stronger line of defence

Chapters:

00:00 Introduction
01:01 Meet James Gaskell
02:18 Why phishing still works
05:10 How social engineering became more convincing
11:16 Why attackers target behaviour, not systems
13:04 The hidden gaps in everyday cyber habits
14:48 Shadow IT and the visibility problem
17:40 Moving from reactive to proactive security
19:28 Turning people into part of the defence
22:03 Measuring human risk properly
23:18 James’s final advice
24:18 Conclusion

Firewall. Antivirus. Backups. Maybe even advanced detection.

So why does it still feel like something’s missing?

In this episode, we move beyond awareness and into something most SMBs don’t have: structure.

Lynn sits down with Adam Bearder (the mind behind HIDDEN) to unpack a problem many businesses recognise but struggle to articulate: security that looks solid on paper, but doesn’t hold up in practice.

Because the issue isn’t usually a lack of technology. It’s a lack of clarity.

Who owns what? What happens when something goes wrong? Are alerts being acted on, or just ignored? And most importantly: do you actually know where your weakest point is?

This is where HIDDEN comes in.

HIDDEN isn’t another product or a list of tools. It’s a simple, structured way to understand your cyber security. So you can see where you’re strong, where you’re exposed, and what to fix next.

At its core are six areas every business relies on:

·        Human risk – how your people behave and where mistakes can happen

·        Identity – who has access to what, and how that access is controlled

·        Data – how your information is stored, used, and shared

·        Disaster recovery – how quickly you can recover when something goes wrong

·        Endpoint protection – how your devices are kept secure day to day

·        Network & cloud – how everything connects and where risks can enter

Individually, most businesses have pieces of this covered. But rarely do they have a clear, joined-up view across all of them.

And that’s the gap.

Because once you can see your weakest area, you can do something about it.

If you take one thing from this episode, it’s this: Stop reacting and buying tools for the sake of it, and start by understanding where you actually stand.

Our  Cyber Security Snapshot is designed to do exactly that: give you a clear starting point so you can move forward with confidence, not assumptions.

Key takeaways:

·        Why having more tools doesn’t always mean better security

·        How “tool sprawl” can quietly increase your risk

·        What cyber security maturity actually looks like in practice

·        The six areas that define your overall security

·        Why confidence comes from knowing your weakest link

Chapters:

00:00 Introduction
01:04 Meet Adam Bearder
02:47 Why you still feel exposed despite buying all the tools
07:07 The concept of maturity in cyber security
09:54 Exploring the six areas of the HIDDEN framework
16:49 Shared language between leadership and IT
19:34 Adam’s final advice
21:02 Conclusion

They’ve got antivirus. Someone’s responsible. Nothing bad has happened (yet).

But here’s the uncomfortable truth: if you had to prove you’re secure today, could you?

In this first episode, Lynn sits down with Mark O’Dell, Director of Secure Cloud and AI at Babble, to unpack why the UK has become one of the most targeted countries for cyber threats, and why small and mid-sized businesses are firmly in the firing line.

This isn’t about scare tactics. It’s about clarity.

You’ll hear why the idea of being “too small to matter” doesn’t hold up anymore, how AI and automation have changed the economics of cyber attacks, and why many businesses are being caught out – not because they’re doing nothing, but because their approach hasn’t kept pace.

Mark also breaks down the shift from traditional perimeter security to a world where identity, devices, and human behaviour are now the real battleground. From password reuse to supply chain exposure and even overlooked backup risks, this episode highlights the gaps most businesses don’t realise they have.

And that’s the point.

Cyber risk doesn’t usually come from what you know. It comes from what you can’t see.

If you’re relying on a mixed bag of tools, assumptions, and “we’ve always been fine,” this episode will challenge that thinking and give you a more practical way to look at your security.

Because before you rush to buy another solution, you need to understand where you actually stand.

That’s where a Cyber Security Snapshot comes in: a simple way to see where you’re strong, where you’re exposed, and what to fix first.

Key takeaways:

• Why the UK is such a high-value target for cyber criminals
• The myth of “we’re too small to matter”, and why it’s dangerous
• How AI and automation have changed the threat landscape
• The shift from perimeter security to identity, devices, and human risk
• Why most SMBs are exposed in ways they don’t fully understand

Chapters:

00:00 Introduction
00:52 Meet Mark O’Dell
02:09 Why the UK is a prime cyber target
04:09 The “too small to matter” myth
12:35 How the threat landscape has shifted
18:24 Business impact and reputational damage
23:42 Final advice for SMBs
25:31 Conclusion

Whether you're a business owner, a time-pressed IT manager, or someone who’s ended up holding the cyber security baby, this podcast will help you see things more clearly.

In the initial episodes, we introduce HIDDEN: a simple, structured way to understand your security across six areas that actually determine how protected your business is. Not another product. Not another layer. Just a clearer view of where you’re strong, where you’re exposed, and what to fix next.

Along the way, we unpack some of the biggest misconceptions in cyber security, like why a stack of tools that technically “work” can still leave you exposed, and why so many businesses feel vulnerable despite significant spend.

You’ll come away with a more practical way to think about cyber risk: not as a one-off project, but something that needs to be understood, prioritised, and improved over time.

Because cyber security doesn’t stand still, and neither does your business.

And that’s why this matters.

When you can’t clearly see your risks, you can’t control them.

But when you can, you can make better decisions, focus your effort, and move forward with confidence.

Hosted by Lynn Murape, this podcast keeps things grounded: no jargon, no scare tactics, just clear, practical conversations about what actually matters.

Subscribe now, and start seeing your security for what it really is, so you can improve it, step by step.