Microsoft 365
July 2026
5 Microsoft 365 Settings Worth Checking in Your Tenant
Microsoft has tightened several Microsoft 365 defaults over the past few years, but those changes do not always apply retroactively. Tenants set up before 2022, or configured by a previous IT provider and left alone since, often still have legacy settings in place around file sharing, external email forwarding, third-party app consent, audit log retention, and MFA enforcement. Five settings worth verifying.
Read article
Cybersecurity
July 2026
How Small Business Ransomware Attacks Work (And How to Protect Against Them)
Most ransomware operations target small businesses at volume, running through dozens of prospects per month. A 22-person company can be researched in 40 minutes using public records, attacked using session-token theft after a single phishing click, and ransomed within a week. What follows is a step-by-step walkthrough of how that attack unfolds, written from the attacker's perspective, plus the five specific controls that would have stopped it. Each control is included in security tools small businesses already pay for.
Read article
Business Continuity
July 2026
How to Answer Cyber Insurance Renewal Questions Without Voiding Your Policy
Cyber insurance applications have grown longer because of specific claim trends from 2023 and 2024, including the MOVEit supply-chain breach, the Change Healthcare ransomware incident, and the Arup deepfake wire fraud. Each new section asks about specific security controls including immutable backups, layered MFA, callback verification on wires, EDR or MDR coverage, vendor risk, and tested incident response. Answers that overstate your security posture can trigger rescission after a claim, meaning the policy is treated as if it never existed.
Read article
Productivity
July 2026
How to Prepare Microsoft 365 Permissions for a Safe Copilot Rollout
Microsoft 365 Copilot retrieves files, emails, and chats using each user's existing Microsoft 365 permissions. In most tenants, those permissions are broader than anyone has mapped, because access accumulates across years of projects and staff changes. A safe Copilot rollout begins with auditing those permissions, fixing the gaps, and applying sensitivity labels to confidential content. Microsoft publishes specific guidance on this cleanup, structured into a pilot, deploy, and operate sequence.
Read article
Backups
July 2026
What Immutable Backup Means on Your Cyber Insurance Form
Immutable backups are backup copies that nobody can change or delete during a fixed retention period, including administrators and attackers using stolen credentials. Cyber insurance carriers ask about them on renewal applications because ransomware operators routinely destroy backups before encrypting production systems. A backup sitting on your network under regular admin credentials does not qualify.
Read article
Managed IT
July 2026
Why Bad Onboarding Is the Real Cause of Messy Offboarding
Offboarding is the final step of a process that started on the employee's first day. Shared logins, forgotten SaaS subscriptions, untracked personal devices, and client relationships locked inside one person's inbox are almost always traceable to informal onboarding shortcuts taken months earlier. Tightening the onboarding side turns each future departure into a 90-minute checklist instead of a three-week cleanup.
Read article
Cybersecurity
June 2026
Adversary-in-the-Middle Attacks: How Phishing Sites Steal Your Active Login
Adversary-in-the-Middle (AiTM) attacks are a modern phishing technique that steals active login sessions, not just passwords. Understanding how AiTM works helps businesses reduce exposure to phishing-resistant sign-ins, tighter session controls, and faster detection of suspicious access.
Read article
Scams
June 2026
Is Your Invoice a Deepfake? Securing Your Accounts Payable Process Against Voice and Email Cloning
AI-enhanced fraud is changing how criminals target finance teams, especially Accounts Payable. Attackers can use AI to produce convincing emails, realistic invoices, and even cloned voices that bypass the red flags teams once relied on. The most effective defence combines stronger verification steps, tighter payment processes, and a culture where pausing to confirm details is always supported.
Read article
Productivity
June 2026
Stop the Bleeding: How Revoking Admin Rights Eliminates Support Tickets
Local admin rights used to make software installs and troubleshooting faster, but today they create avoidable risk and constant support noise. Removing admin access reduces malware exposure, limits configuration drift, and eliminates common ticket types caused by unapproved installs and high-impact setting changes.
Read article
Business Continuity
June 2026
The “Zombie” SaaS Audit: Finding the 3 Apps Your Former Employees Still Access
Most businesses remove a departing employee’s email access quickly, but leave their SaaS access scattered across other tools. Zombie accounts are the leftover logins, tokens, and permissions that remain active after someone leaves or changes roles. A practical SaaS offboarding audit finds where these accounts hide and closes them before they turn into a security incident.
Read article
Business IT
June 2026
What Is Passkey Migration and How Can It Help Your Team Eliminate Passwords?
Passwords remain a leading cause of breaches, yet most teams still rely on them for daily access. Passkey migration replaces passwords over time with device-bound, cryptographic credentials that can’t be phished, reused, or stolen from a server. This shift reduces credential risk and helpdesk friction, and most teams already have the core infrastructure needed to begin.
Read article
Cybersecurity
June 2026
Why Human Habits Are Your Biggest Security Risk
Personal web habits are one of the least visible cybersecurity risks businesses face, especially when work and personal life share the same devices, browsers, and identities. Routine behaviour like checking personal email, reusing passwords, or signing into familiar apps can expose business data without anyone intending it. The safest approach reduces exposure with clear guardrails, stronger defaults, and practical coaching rather than restrictive rules that drive workarounds.
Read article