Most businesses only discover an email authentication problem when something breaks. This post explains how SPF, DKIM and DMARC determine whether your email is trusted — and why getting them right is as much a security decision as a deliverability one.
Cyber Security
The 6am Call: Why Verification Is Your Most Important Security Control
What happens when the 6am standby call sounds completely legitimate — but something still feels wrong? Nicholas Broderick on the verification process that protects MSP engineers and clients when AI voice cloning makes impersonation almost indistinguishable from the real thing.
Your Microsoft 365 Audit Logs Are Harder to Use Than You Think
Microsoft 365 audit logs retain 180 days of activity — but the compliance portal wasn’t built for serious investigations. Rudie de Vries explains the retention ceiling, bulk extraction via PowerShell, and what happens when the clock runs out mid-investigation.
Your Business Domain: Who Actually Owns It?
Domain security sits in a gap most businesses have never audited. If a contractor registered your domain years ago and the relationship has since ended, you may not control one of the most critical pieces of your infrastructure — including all your business email. This piece explains what that exposure looks like and what to check before it becomes a crisis.
When a Personal Device Becomes a Business Risk
A personal device signs into a work email account. That device is already compromised. Before the morning is out, spoofed payment requests have gone to suppliers with changed banking details. This piece examines how personal device security sits outside the perimeter most SMEs actively protect — and what rapid account compromise detection looks like when it works.
Why VPN and MFA Are No Longer Enough
VPN and MFA are good controls — but attackers have adapted their techniques to work around both. Si Futures explains adversary-in-the-middle attacks, MFA fatigue, and why managed threat detection is the next essential layer for any serious security posture.
Who Owns Compliance When You Leave Microsoft’s Umbrella?
Cloud compliance doesn’t transfer automatically when you move data off Microsoft 365. Si Futures’ Security and Compliance Specialist Sean Rogers examines who owns accountability when you self-host — and the seven questions every business should ask their IT provider.
What the Cyber Security and Resilience Bill Means for UK SMEs
The UK’s Cyber Security and Resilience Bill is raising the bar on what businesses and their IT providers must prove. Si Futures explains what the legislation means for UK SMEs, why managed service providers are now directly in scope, and why Cyber Essentials certification is the practical starting point.
Closing Every Door Before Someone Else Opens It
An investment company’s brand name was exposed across an open global domain landscape.
• Business impact: impersonation risk, homograph attacks invisible to spam filters, no legal standing from manual registrations
→ Domain brand protection closes 710 TLD extensions and 108,603 character variants automatically.
