IT in the News

Stop the Bleeding: How Revoking Admin Rights Eliminates Support Tickets

June 15, 2026

The most time-consuming ticket in your queue is rarely a hardware failure. It’s the PC infection that started when a user installed something they shouldn’t have been able to. Or it’s the broken configuration left behind after someone changed a setting IT can’t trace. Local administrator rights (the ability to install software, modify system settings, and override security controls) are given to end users far more often than the risk warrants.  The usual reason is efficiency.  The practical result is

Read More...

Is Your Invoice a Deepfake? Securing Your Accounts Payable Process Against Voice and Email Cloning

June 10, 2026

It’s a statistic that sends a shiver down the backs of SME owners, managers and employees.   According to the FBI’s 2025 Internet Crime Report, business email compromise (BEC) cost US businesses more than $3 billion last year. This makes it one of the most financially damaging cybercrimes on record.  AI has made these attacks harder to detect. The question for AP teams is no longer whether they can identify suspicious requests. It is whether the processes around payments make fraud

Read More...

Adversary-in-the-Middle Attacks: How Phishing Sites Steal Your Active Login

June 5, 2026

You click a link, sign in, approve the MFA prompt, and get on with your day. Completely unaware that someone else just logged into your account at the same moment. That scenario surprises many businesses, particularly those that rely on multi-factor authentication (MFA) to protect cloud accounts. But this is exactly how Adversary-in-the-Middle (AiTM) phishing attacks work.  Rather than stealing passwords for later use, these attacks silently hijack an already-authenticated session in real time. MFA remains a core control, and

Read More...

The “Session Cookie” Hijack: Why MFA Can’t Always Save You

May 30, 2026

MFA is a strong front-door lock. But it’s not the only thing that decides whether someone can get in. After you sign in, your browser keeps you logged in using a session token (often stored as a cookie). It’s the digital version of a wristband at an event: once you’ve been checked, the wristband proves you belong there. If an attacker steals that wristband, they may not need to beat your MFA prompt at all. That’s the core of session

Read More...

The “Legacy Debt” Audit: Identifying the 3 Oldest Risks in Your Server Room

May 25, 2026

The most dangerous thing in a server room is often the phrase, “Don’t touch that.” It’s usually said with a half-joke and a grimace. It refers to the old box that “still works”, runs something important, and has survived so many fixes and workarounds that nobody feels confident changing it anymore. That’s legacy debt.  Not just “old tech”, but old tech that’s become a dependency. It’s the kind that quietly accumulates risk until it turns into downtime, security exposure, or

Read More...

The “Backup Exit” Strategy: Can You Move Your Data Without the Vendor’s Help?

May 20, 2026

When you first sign up for a software-as-a-service (SaaS) platform, everything is designed to feel effortless.  The problem is that the first real test of a SaaS relationship isn’t the onboarding. It’s the exit.  For many small businesses, the front door is wide open, but the emergency exit is bolted shut: exports are incomplete, key data sits in proprietary formats, and leaving requires expensive vendor help. That’s more than inconvenient. It’s a business risk.  As teams move toward a workforce

Read More...

Micro-SaaS Vetting: The 5-Minute Security Check for Browser Add-ons

May 15, 2026

Browser add-ons have a funny reputation. They feel “small”. A quick install. A tiny productivity boost. A harmless little helper that lives in your toolbar. But in practice, a browser extension is more like a micro-SaaS vendor sitting inside your browser session. It can see what you see, interact with the pages you open, and sometimes access the same cloud apps your business runs on all day. That’s why a browser extension security check matters.  Not because every extension is

Read More...

LinkedIn “Social Engineering”: Protecting Your Staff from Fake Recruitment Scams

May 10, 2026

A fake recruiter message is one of the cleanest social engineering tricks around because it doesn’t look like a trick. That’s why LinkedIn recruitment scams work so well inside real businesses.  They don’t arrive as malware. They arrive as a normal conversation that nudges someone toward one small action: click this link, open this file, “verify” this detail, move the chat to a different app. A few simple checks, a couple of hard-stop rules, and an easy way to report

Read More...

“Clean Desk” 2.0: Securing Your Home Office from Physical Data Leaks

May 5, 2026

In the traditional office, a “Clean Desk” policy was a simple habit: shred the sensitive stuff, lock it away, and don’t leave passwords where someone can see them. In 2026, the same idea still matters but the “desk” has changed.  For many teams, the home office is now the default workspace, and that means physical access can quickly become digital access. An unlocked screen, a shared device, or a laptop left in the wrong place can expose the same systems

Read More...

The Essential Checklist for Securing Company Laptops at Home

April 30, 2026

At home, security incidents don’t look like dramatic movie hacks. They look like stepping away from your laptop during a delivery, or leaving it unlocked while you grab something from another room. Those ordinary moments, repeated over time, are how work devices end up exposed. A remote work security checklist focuses on simple, practical controls that hold up in real life. Put it in place once, make it routine, and you’ll prevent the kinds of issues that hurt most because

Read More...