Today’s edition: where convenience continues to quietly undermine security, and everyone acts surprised.

UK Businesses Urged to Audit AI Tools in Use

What’s happening

The National Cyber Security Centre and Information Commissioner’s Office are pushing UK businesses to identify and audit all AI tools currently in use, especially those adopted informally by staff.

Many SMEs are discovering they’re using far more AI tools than they thought, often without:

- Security vetting
- Data agreements
- Any real oversight

Why it matters for SMEs

You can’t secure what you don’t even know exists. Which, unfortunately, describes most SME tech environments.

“Organisations must understand their digital estate before they can secure it,” notes the National Cyber Security Centre.

What you should do

- Create a simple inventory of all AI tools
- Identify who is using them and for what
- Remove or replace unknown or risky services

Reference: https://www.ncsc.gov.uk https://ico.org.uk

QR Code Phishing (“Quishing”) Attacks Rise in the UK

What’s happening

Cybercriminals are leaning into QR code phishing, tricking employees into scanning malicious codes that lead to fake login pages or malware downloads.

These are appearing in:

- Emails
- Posters
- Fake invoices
- Delivery notifications

Why it matters for SMEs

People trust QR codes far more than they should. There’s something about a square full of pixels that screams “this must be safe.” It isn’t.

“Users should treat QR codes with the same caution as suspicious links,” advises the National Cyber Security Centre.

What you should do

- Train staff not to scan unknown QR codes
- Use secure mobile device policies
- Verify links before entering credentials

Reference: https://www.ncsc.gov.uk/guidance

Passwordless Authentication Gains Ground — Slowly

What’s happening

UK businesses are beginning to adopt passwordless authentication, including passkeys and biometrics, reducing reliance on traditional passwords.
Platforms like Microsoft and Google are pushing this shift, aiming to reduce phishing and credential theft.

Why it matters for SMEs

Passwords are still one of the weakest links in security. And yet, people continue to reuse “Password123” like it’s a family tradition.

Passwordless options:

- Reduce phishing risk
- Improve user experience
- Cut down credential theft

What you should do

- Enable passkeys where supported
- Combine with MFA for critical systems
- Phase out weak password practices

“The future of authentication is moving beyond passwords,” says Microsoft.

Reference: https://www.microsoft.com/security https://www.google.com/account/security

UK SMEs Increasingly Targeted via Social Media Accounts

What’s happening

Social media accounts are becoming a primary attack vector for UK SMEs. Attackers are targeting platforms like Facebook, Instagram, and X (formerly Twitter).

Once compromised, attackers can:

- Scam customers
- Run fraudulent ads
- Damage brand reputation

Why it matters for SMEs

For many small businesses, social media is the business. Losing access isn’t just annoying. It’s financially damaging.

What you should do

- Enable MFA on all social accounts
- Restrict admin access
- Use business account security settings

“Account takeovers can have significant reputational and financial consequences,” notes the National Cyber Security Centre.

Reference: https://www.ncsc.gov.uk

AI Automation Expands — But Oversight Still Missing

What’s happening

AI-driven automation is spreading rapidly across UK SMEs, from customer service to finance workflows.

Tools are being used to:

- Automate emails
- Process invoices
- Handle customer queries

But governance is lagging behind adoption.

Why it matters for SMEs

Automation without oversight can:

- Amplify mistakes
- Create compliance risks
- Damage customer trust

It’s efficient… right up until it isn’t.

“Automation must be paired with control and accountability,” says Deloitte.

What you should do

- Review automated outputs regularly
- Keep humans in critical decision loops
- Test systems before full deployment

Reference: https://www2.deloitte.com/uk

Final Word (the uncomfortable bit)

Most cyber incidents aren’t the result of advanced attacks. They’re the result of:

- Convenience
- Assumptions
- “We’ll deal with that later”

Meanwhile, AI is accelerating everything. Good decisions and bad ones.

So if your systems feel slightly out of control, that’s not just you. That’s the direction things are heading.

The difference is whether you tighten things up now… or explain it later when something goes wrong.