- 3 min read
"We have Microsoft 365, so we're covered" — and 4 settings that prove otherwise
Microsoft 365 is secure-capable, not secure-by-default. Out of the box, several settings are left wide open — and attackers know exactly which ones. Here are four to check this week.
Read - 4 min read
Multi-factor authentication, explained — and why turning it on is not the finish line
MFA stops most stolen-password attacks cold. But 'turned on' and 'properly configured' are not the same thing, and the gap between them is where accounts still get compromised.
Read - 4 min read
How to spot a phishing email in 2026 — a five-point gut check for your whole team
Phishing emails used to be easy to spot. In 2026, they are not. Here is a short, teachable checklist any employee can use before they click.
Read - 4 min read
What 'the cloud' actually is — Microsoft 365 vs Azure, in plain English
Everyone says their business is 'in the cloud.' Fewer people can explain what that means — or why it changes who is responsible for keeping things secure.
Read - 3 min read
Do small businesses really need to care about compliance? A plain-English guide
HIPAA, CIS, SOC 2 — the compliance alphabet can feel overwhelming. Here's when a small business actually needs to pay attention, and the reassuring truth about what most of it actually requires.
Read - 4 min read
The first hour of a suspected breach: a simple plan for a team with no IT department
If you suspect an account is compromised or a scam succeeded, the first hour matters. Here is a calm, step-by-step plan to prepare before you need it.
Read - 4 min read
Backups that actually save you — the 3-2-1 rule in plain English
Backups are the last line of defence against ransomware, accidental deletion, and a lost laptop. But a backup you have never tested is not really a backup. Here is what actually works.
Read - 3 min read
The dropped USB stick: why curiosity is an attack vector
Leave a few USB sticks in a parking lot and a surprising number get plugged into work computers. Baiting attacks weaponize curiosity and good intentions. Here is how they work and the simple rule that stops them.
Read - 3 min read
Fake updates and bad downloads: when 'install now' is the trap
We're told to keep our software updated, so a popup urging us to update feels responsible to click. Attackers turned that good habit against us. Here is how fake-update and malicious-download attacks work.
Read - 4 min read
Anatomy of a breach: how attackers actually move, step by step
A real breach is rarely one dramatic moment. It is a chain of small steps, each one ordinary. Seeing the whole sequence shows you where it can be broken — and how breaking one link stops the rest.
Read - 4 min read
Building a human firewall: training a small team without boring them
Your team is either your weakest link or your best sensor, and the difference is a little training done well. Here is how to build real security awareness in a small business without a corporate program or a dull annual video.
Read
See your own risk
Reading about it is one thing. Seeing your own gaps is another.
Start a 7-day Pro trial and get a plain-English security report for your Microsoft 365 and Azure — no credit card.