Domain security sits in a gap most businesses have never audited. If a contractor registered your domain years ago and the relationship has since ended, you may not control one of the most critical pieces of your infrastructure — including all your business email. This piece explains what that exposure looks like and what to check before it becomes a crisis.
A personal device signs into a work email account. That device is already compromised. Before the morning is out, spoofed payment requests have gone to suppliers with changed banking details. This piece examines how personal device security sits outside the perimeter most SMEs actively protect — and what rapid account compromise detection looks like when it works.
VPN and MFA are good controls — but attackers have adapted their techniques to work around both. Si Futures explains adversary-in-the-middle attacks, MFA fatigue, and why managed threat detection is the next essential layer for any serious security posture.
Cloud compliance doesn’t transfer automatically when you move data off Microsoft 365. Si Futures’ Security and Compliance Specialist Sean Rogers examines who owns accountability when you self-host — and the seven questions every business should ask their IT provider.
The UK’s Cyber Security and Resilience Bill is raising the bar on what businesses and their IT providers must prove. Si Futures explains what the legislation means for UK SMEs, why managed service providers are now directly in scope, and why Cyber Essentials certification is the practical starting point.
An investment company’s brand name was exposed across an open global domain landscape.
• Business impact: impersonation risk, homograph attacks invisible to spam filters, no legal standing from manual registrations
→ Domain brand protection closes 710 TLD extensions and 108,603 character variants automatically.
The most common route into an SME network is not a sophisticated attack — it is a firewall setting that was wrong from the start, or that drifted over time. Nicholas Broderick explains how benchmarking against CIS standards turns assumption into accountability.
Most organisations assume their people know how to handle a phishing email. A structured Human Firewall trial reveals what they actually know — and gives management a concrete, measurable baseline to act on.
A travel consultancy contacted Si Futures because they could not send or receive email — not because of anything they had done wrong, but because their hosting provider had been compromised. This is the DNS security risk most businesses never think about: the infrastructure you rely on sits in someone else’s hands, and their security posture becomes yours by default
