An expert on how to ensure your business is cybersecure

How secure is your business? How secure are the actions you take to ensure the company you work for is secure? With near-weekly announcements of well-known brands being subject to cyber attacks, is 2026 the year you get on top of your cybersecurity?

Last year, a Vodafone Business Cybersecurity Threat Report shared some scary statistics that should have made business owners sit up and listen. It claimed that the financial impact of cybercrime is expected to rise by nearly 50% in the next three years due to the advance of AI speed and intelligence and that 94% of businesses said they felt unprepared for this new type of threat.

The report told us that 69% of small to mid-sized organisations don’t have the right security measures in place to safely deploy these technologies and 28% of businesses would be at risk of shutting down after just one ransomware attack. Sobering statistics, yet chances are many of those who read them are still continuing their same old daily routine and hoping that they won’t become a statistic. I know this because I am one of them.

I have known Fabio Cerullo, Managing Director of Cycubix, for a few years now. He’s my go-to person when I write about cybersecurity, and every time we talk, we start with the same conversation; is this the year I actually take the advice I put into my articles? This year, I’m putting my words into action.

In the same way as you have to update your social media skills, marketing skills and AI skills for modern business today, you really should be keeping up with your cyber resilience skills, as well as those of your co-workers and employees. Business owners owe this to their clients and customers, too.

“The website that only has a username and password, and no second factor authentication, will be breached, or it has already been breached,” says Cerullo. His company Cycubix provides knowledge and expertise to secure critical information and protect organisations against cyberattacks. We have reached a point where the basics no longer apply and even the upgrade on the basics – two-factor authentication or multi-factor authentication – still needs careful implementation. Cerullo warns that if you are using two-factor authentication or multi-factor authentication, you might want to consider moving away from SMS prompts, as texts can be intercepted, and opt for one of the authenticator apps like the Microsoft Authenticator or Google Authenticator.

“I don’t know any of my passwords, not a single one,” he goes on to explain. “If you’re using a password manager like 1Password, LastPass, Apple’s password app or KeePass (best for techies), you only need to know the password to your password manager. In terms of generating the passwords, I let the tool generate the passwords for me,” he says.

An added layer to your password security would be swapping out the many passwords you may struggle to keep track of and embracing the use of passkeys into your security remit. “Passkeys involve having a physical element – your phone or your laptop to unlock that passkey; without them, it will not work. So even if bad actors are able to phish your credentials, they will not physically have your devices, so the attack will fail,” says Cerullo. “There is a big push for passkeys, and it’s been supported nowadays more and more by the likes of Microsoft and Google.”

Cyber breaches rarely make the mainstream news unless it is a well-known brand or it has a huge impact, like the HSE ransomware attack of 2021. But with something that can have such a devastating impact on your business (remember that 28% of businesses would be at risk of shutting down after just one ransomware attack statistic you read earlier), it’s wise that you keep abreast of what is going on in the world of cybersecurity. Cerullo has provided a list of online publications where you can keep updated on the latest threats and hacks: The Register, The Record, KrebsOnSecurity, CyberScoop, Dark Reading, SecurityWeek, Wired (Security), Ars Technica (Security) and BleepingComputer.

Cycubix also has a very informative YouTube channel where you and your team can find some great videos to improve your skills and broaden your understanding of security for your business. This video on Social Engineering might be the perfect watch party for your company.