 |
The Small Business Cyber Security Guy | UK Cybersecurity for SMB & StartupsAuthor: The Small Business Cyber Security Guy
The UK's leading small business cybersecurity podcast, helping SMEs protect against cyber threats without breaking the bank. Join cybersecurity veterans Noel Bradford (CIO at Boutique Security First MSP) and Mauven MacLeod (ex-UK Government Cyber Analyst) as they translate enterprise-level security expertise into practical, affordable solutions for UK small businesses. WHAT YOU'LL LEARN: Cyber Essentials certification guidance Protecting against ransomware & phishing attacks GDPR compliance for small businesses Supply chain & third-party security risks Cloud security & remote work protection Budget-friendly cybersecurity tools & strategies PERFECT FOR: UK small business owners (5-50 employees) Startup founders & entrepreneurs SME managers responsible for IT security Professional services firms Anyone wanting practical cyber protection advice Every episode delivers actionable cybersecurity advice that you can implement immediately, featuring real UK case studies Language: en Genres: Business, Technology Contact email: Get it Feed URL: Get it iTunes ID: Get it |
Listen Now...
Detention: The Day 8,000 Children's Data Went Missing
Episode 22
Tuesday, 7 October, 2025
Episode Description Following the Kido nursery breach where 8,000 children's photos were stolen and posted online, we sit down with education sector expert Tammy Buchanan. With 15 years working in UK schools and now consulting on data protection compliance, Tammy reveals the shocking reality of cybersecurity in British education. From nurseries using platforms like Famly and Tapestry to primary schools struggling with basic MFA implementation, this conversation exposes systematic failures that put every child's data at risk. If you're a parent, school governor, or education professional, this episode will change how you think about school security. Currently ranked in the Top 100 Apple Business Podcasts (US) What You'll Learn Why only 50% of schools have multi-factor authentication enabled The difference between early years providers and mainstream schools How photo-rich platforms create unique vulnerabilities for nurseries Why DFE digital standards remain unknown to most schools The governance problem: volunteers without power Who actually gets things done when head teachers won't prioritise security Why schools keep breaches quiet and what that means for parents Practical steps parents can demand from their child's school today The Cyber Essentials challenge for small schools with limited budgets How COVID pushed schools years ahead without proper security foundations Guest Contact Details Tammy Buchanan Senior Data Protection Consultant Data Protection Education Email: info@dataprotection.education LinkedIn: Search for Tammy Buchanan or visit the Data Protection Education company page Website: Data Protection Education Tammy and her team (including a solicitor) work with schools across the UK on data protection compliance, information security, and cyber resilience. They provide free resources and news updates for schools on their LinkedIn page. Resources Mentioned Government and Regulatory: DFE Digital Standards (Department for Education) NCSC (National Cyber Security Centre) staff training resources ICO (Information Commissioner's Office) breach log and guidance Ofsted inspection framework Safeguarding regulations Platforms Discussed: Famly (early years learning journey platform) Tapestry (early years learning journey platform) Arbor (school management information system) Bromcom (school management information system) Security Standards: Cyber Essentials certification Multi-factor authentication (MFA) implementation Incident response planning Additional Resources: The Small Business Cyber Security Guy blog: thesmallbusinesscybersecurityguy.co.uk Data Protection Education news page (free resources for schools) Key Statistics from This Episode 50% or less of schools have MFA enabled 8,000 children's photos stolen in the Kido breach 12 years Tammy worked directly in schools before consulting 15 years Tammy has been in the education sector overall 2030 target date for schools to meet six DFE digital standards Questions Parents Should Ask Their School Do you have multi-factor authentication enabled on all systems? How often do staff receive cybersecurity training? Where is your incident response plan and when was it last tested? Who on the governing body is responsible for data protection and cyber resilience? Are you working towards the DFE digital standards? Which third-party platforms hold my child's data and photos? How do you monitor and configure security settings on these platforms? Key Takeaways For Parents: Schools are having breaches regularly but keeping them quiet Most schools lack basic security like MFA Your child's photos on learning journey apps create unique risks You have the right to ask questions about data protection Schools respond to parental pressure For School Leaders: Documentation matters for ICO compliance Training needs updating regularly, not the same video for three years Incident response plans are useless if nobody knows where they are School business managers need authority, not just responsibility Other schools' examples work better than external expert advice For Governors: Cybersecurity needs to be statutory to get real traction Digital lead on governing body remains unfilled at many schools You need both knowledge and authority to make change happen Physical security analogies help boards understand cyber risks The Big Picture This episode exposes a systematic failure in UK education cybersecurity. Schools operate under crushing constraints with volunteer governance, stretched budgets, and part-time IT support. Meanwhile, they hold treasure troves of children's data on platforms configured by people who lack security expertise. The Kido breach reveals what happens when one password unlocks 8,000 children's intimate moments. Most schools are one credential compromise away from the same fate. Until cybersecurity becomes statutory or linked to Ofsted inspections, progress will remain painfully slow. Connect With The Show Website: thesmallbusinesscybersecurityguy.co.uk Subscribe: Available on all major podcast platforms Social Media: Find us on LinkedIn Help us grow: Leave a review, subscribe, and share this episode with parents, teachers, and school governors who need to hear this message.
