
What Is Shadow AI and Why Should Your Law Firm Care?

Shadow AI is when staff use unapproved AI tools at work, often without realising the risk. It can expose client data, breach GDPR, and widen your attack surface. To prevent the risks of shadow AI, create a policy around AI tool usage, train your staff on approved AI tools, and audit regularly.

What Is Shadow AI?

You have probably heard of shadow IT. Someone installs unapproved software or signs up to a cloud tool without telling anyone. Shadow AI is the same idea, but the risks go further.

Shadow AI refers to the unsanctioned use of artificial intelligence tools by employees, without IT knowledge or sign-off. Gen AI tools are free, fast, and genuinely useful, which is exactly why they spread.

According to a Microsoft survey of UK workers, 71% have used consumer AI tools at work without IT approval, yet most firms have no AI governance in place at all.

Unlike shadow IT, the risk is not just about where your data sits. Generative AI models are cloud-based, meaning anything your staff put in gets processed on external servers outside your control, and can even be retained long after the conversation ends.

What Does Shadow AI Actually Look Like in a Law Firm?

Rushed document drafts

A fee earner copies an internal strategy deck into a free AI tool before a client call. That company data is now sitting on an external server, outside your control.

Browser extensions and AI plug-ins

Someone installs an AI writing assistant as a plug-in. It reads everything they type, including client emails and case notes, often well beyond what the user expected.

Personal account workarounds

According to Menlo Security, 68% of employees used personal accounts to access free AI tools in 2025, with 57% entering sensitive data in the process. Restrict access at work and people find another way, with none of your firm’s security controls in place.

AI features embedded in existing tools

AI capabilities are being built into tools your staff already use, quietly activated through updates. Features embedded in a personal Microsoft account sit entirely outside your security oversight, even if the tool looks familiar.

What Are the Significant Risks for Law Firms?

Data leaks and client confidentiality

Unauthorised AI use means customer data can enter systems you do not control. According to a RiverSafe survey of UK CISOs, 1 in 5 UK companies has already experienced data leakage through employee use of generative AI.

GDPR and SRA compliance violations

Adopting AI tools without proper vetting can put your firm in breach of GDPR. The SRA takes data security seriously, and the EU AI Act is adding further obligations on top.

Inaccurate AI-generated outputs

Unvetted AI apps can produce AI-generated content that looks authoritative but is simply wrong. In a legal context, an AI-generated draft that contains errors could influence advice or reach a client completely unchecked.

A weaker security posture

Personal accounts have no enterprise security controls, no MFA enforcement, and no visibility from your IT team. By the time most firms know which AI tools are actually in use, a security incident has already forced the question.

How Do You Mitigate Shadow AI?

Write a policy and make it usable

Define which AI tools are approved, what data can go into them, and how AI-generated outputs must be reviewed. Ensure it is brief and simple to understand for everyone in the organisation.

Give people sanctioned AI tools that work

People use unauthorised AI tools because they enhance productivity and there is nothing better on offer. Providing enterprise-grade alternatives removes the incentive and gives security leaders full visibility over AI use. If you are not sure where to start, our digital transformation strategies service helps firms adopt AI properly, with the right governance from the beginning.

Train your staff

Security awareness training is not just for phishing. Your people need to understand what shadow AI is, the AI risk it creates, and how to request approval for tools they want to use.

Audit regularly

New AI tools appear constantly, and the ones your staff are using today may not be the same ones they are using in six months. Regular audits, led by your IT team or provider, keep your approved list current and your exposure visible.

How Labyrinth Technology Can Help

Labyrinth Technology has been supporting law firms in London for over 20 years. We help firms get visibility over unauthorised AI use, build realistic governance frameworks, and put the right cyber security controls in place before shadow AI becomes a serious problem.

Shadow AI is not a future concern. It is happening now. Get in touch for a free consultation and let us help you get on top of it.

Labyrinth Technology is Now a NetDocuments Partner

We are pleased to announce that Labyrinth Technology is now a NetDocuments partner. We have been working with law firms running NetDocuments for years, and this partnership formalises that relationship.

What is NetDocuments?

NetDocuments is a cloud-based document management system built specifically for law firms. It is the system your firm’s documents and matter files are built around. A large number of UK firms have made it the foundation of how they manage their practice, and adoption has been growing steadily.

If your firm is already on NetDocuments, you will know how much of your day-to-day operation depends on it working reliably. A failed migration or a platform issue has an immediate knock-on effect across the whole practice. Having an IT partner who knows NetDocuments properly means you are far less likely to find yourself in that position.

Why this partnership matters for your firm

As a NetDocuments partner, Labyrinth Technology now has a direct relationship with the platform and its support infrastructure. For you, that means faster resolutions and better-informed guidance when your firm is planning anything significant on the platform.

We have dedicated in-house NetDocuments product owners who work with the platform day to day, which means the support your firm gets is grounded in real working knowledge of it. That knowledge is what makes the difference when something needs to move quickly.

This is not a new area of work for us. We have been supporting firms through NetDocuments implementations and migrations for a number of years. The partnership reflects experience we already had.

What Matt Dunn, CTO and COO at Labyrinth Technology, had to say

“As a specialist IT partner for law firms, we’ve spent a decade helping firms that put NetDocuments at the heart of their practice. Managing matters, documents, and client data with confidence.

NetDocuments is strategically important to our clients, so it’s strategically important to us.

With dedicated in-house NetDocuments product owners, we bring deep platform expertise that will translate directly into faster rollouts, smoother migrations, and ongoing support your team can rely on. We’re proud to formalise that commitment through this partnership.”

How can Labyrinth Technology support you

This partnership sits alongside everything else Labyrinth Technology does for law firms. We support firms across Microsoft 365, network security, backup and disaster recovery, and cloud migrations.

NetDocuments also integrates directly with Microsoft 365, so if we already support your firm’s Microsoft environment, the two areas of support connect naturally.

If you would like to talk through what this means for your firm, get in touch with the team.

Cloud Consultancy Services: What You Need To Know

Cloud consultancy services help you plan, secure, migrate, and manage your cloud environment so it supports real business goals. With the right cloud consultants, you reduce risk, improve security, control costs, and turn cloud technology into measurable business value, not technical noise.

Why cloud decisions feel harder than they should

Moving to the cloud often sounds simple. In reality, it can feel overwhelming. You are expected to choose platforms, manage data security, control cloud usage, and still keep daily business operations running smoothly. Many companies rush in and later realise they have created tech debt, higher costs, or even security gaps.

This is what cloud consultancy aims to mitigate. Cloud consultancy services exist to guide you through your cloud journey with clarity and structure. The goal is not cloud for the sake of it. The goal is better outcomes for your business, improved efficiency, and a cloud environment that actually works for you.

At Labyrinth Technology, based in London, cloud consulting services are delivered with a practical mindset. The focus stays on your business objectives, your customers, and your long term growth.

What is cloud consultancy?

Cloud consultancy is a professional service that helps you design, implement, and manage cloud solutions in a way that supports your business goals. Cloud consultants work alongside you to understand how your business operates, what challenges you face, and where cloud technology can add value.

This covers your full cloud adoption journey. It includes building a clear cloud strategy, choosing the right cloud computing platform, planning cloud migration, and setting up secure cloud infrastructure. It also includes ongoing management so your cloud environment stays cost efficient, secure, and continuously refined as your business changes.

Good cloud consultancy services are not about selling platforms. They are about using deep knowledge and technical expertise to deliver solutions that make sense for your organisation.

Why is cloud consultancy important for modern businesses?

Cloud technology has huge potential, but without guidance it often leads to confusion and wasted spend. Many companies adopt cloud services without a clear strategy and end up paying for resources they do not use or exposing sensitive information through poor configuration.

Cloud consultancy helps you avoid these mistakes. It brings structure to decision making and ensures your cloud foundation supports your strategic goals, not just short term fixes. It also helps you align cloud transformation with digital transformation across your wider business operations.

With the right cloud consultants, cloud becomes a key component of improving operational efficiency, reducing costs, and accelerating growth. It stops being a technical headache and becomes a business enabler.

How does cloud consultancy support your cloud strategy?

A strong cloud strategy starts with understanding your business objectives. Cloud consulting firms begin by learning how your teams work, how your data flows, and where inefficiencies exist. This allows them to identify opportunities where cloud solutions can improve performance or cut costs.

Cloud consultancy services then translate those needs into a practical plan. This includes choosing between platforms like Microsoft Azure or Google Cloud, deciding how cloud computing fits your operations, and setting clear milestones for your cloud journey.

The strategy is not static. It is continuously refined as your business evolves, ensuring cloud usage stays aligned with business value.

What role do cloud consultants play during cloud migration?

Cloud migration is one of the most critical stages of the cloud adoption journey. Done poorly, it leads to downtime, data loss, or security issues. Cloud computing consultants plan migration carefully to reduce risk and disruption.

They assess your existing infrastructure, applications, and data. They decide what should move, what should stay, and what should be redesigned. This ensures your cloud environment is scalable, resilient, and cost efficient from day one.

Cloud consultants also work closely with your internal teams during migration. This collaboration helps accelerate time to value while keeping staff confident and informed.

How does cloud consultancy improve cloud security and data protection?

Cloud security is often misunderstood. Many breaches happen not because the cloud is insecure, but because it is poorly configured. Cloud consultancy services focus heavily on security as a core part of the solution.

This includes designing secure cloud infrastructure, applying access controls, encrypting sensitive information, and aligning with data protection requirements. Cloud consultants also help you build processes that keep security strong as your cloud environment grows.

Enhanced security protects your data, your customers, and your reputation. It also gives you confidence to adopt advanced technologies like artificial intelligence and gen AI without unnecessary risk.

How do cloud consultancy services help control costs and improve efficiency?

Cloud is often seen as cost saving by default, but without oversight it can become expensive. Cloud consultancy services help you understand cloud usage and ensure resources match real demand.

Consultants review how your cloud services are used and identify areas where you can reduce costs or improve performance. This might involve resizing infrastructure, automating processes, or redesigning workloads for better efficiency.

The result is a cloud environment that supports business operations while remaining cost efficient and scalable.

How does cloud consultancy support innovation and growth?

Cloud consultancy is not only about stability. It also plays a key role in innovation. A well designed cloud foundation allows you to experiment safely, adopt new technology, and respond faster to market changes.

Cloud consultants help you use cloud computing to accelerate growth, improve customer experiences, and unlock business value from data. This includes supporting edge computing, artificial intelligence, and advanced analytics as part of your wider digital transformation.

By aligning cloud technology with strategic planning, cloud consultancy turns cloud into a platform for long term innovation.

What ongoing management is needed after cloud adoption?

Cloud adoption does not end after migration. Ongoing management is essential to keep your cloud environment secure, efficient, and aligned with business goals.

Cloud consultancy services include monitoring, optimisation, security reviews, and regular strategy updates. This ensures your cloud infrastructure evolves with your business and continues to deliver the benefits of cloud over time.

Working alongside experienced consultants gives you peace of mind that your cloud remains a reliable part of your operations.

Why choose Labyrinth Technology for cloud consultancy services?

Labyrinth Technology keeps cloud consultancy practical and business focused. The aim is simple: make cloud work for your business, not the other way around.

As an IT support provider, Labyrinth Technology works alongside you to understand your business goals, risks, and existing systems before recommending cloud solutions. Advice is clear, realistic, and based on experience.

Security is built into every cloud environment from the start. Sensitive data stays protected, cloud usage stays under control, and costs are managed properly. Support does not stop after migration. Ongoing management keeps your cloud strategy aligned as your business grows.

If you want cloud consulting services that are clear, secure, and focused on real outcomes, Labyrinth Technology is the right partner.

Turning cloud potential into real business outcomes

Cloud consultancy services help you move beyond uncertainty and unlock cloud’s potential in a controlled and practical way. With expert guidance, cloud becomes a tool for improving efficiency, reducing costs, and supporting innovation, not a source of risk or confusion.

If you are planning a cloud migration, reviewing your cloud security, or trying to get more value from your cloud services, Labyrinth Technology can help. Our cloud consulting services are designed to support your business goals with clarity, security, and long term thinking.

Get in touch with our team today to discuss how cloud consultancy can support your business and deliver real, measurable outcomes.

What Are Insider Threats: Risks and Prevention Strategies

Understanding what insider threats are is crucial for any SME looking to protect its data and operations. Insider threats happen when current or former employees, contractors, or third-party vendors misuse their legitimate access to steal, leak, or damage sensitive data. These threats can be malicious, negligent, or accidental, and they’re often harder to detect than external attacks. Effective prevention relies on layered security controls, continuous monitoring, user behaviour analysis, and strong security awareness training. At Labyrinth Technology, we help businesses identify and prevent insider threats through managed security services, access management, and tailored cybersecurity strategies that protect your data and keep your operations secure.


What Are Insider Threats?

Insider threats refer to security risks that come from within your organisation. In simple terms, it’s when someone with legitimate access, like an employee, contractor, or business partner, uses that access to harm your business, intentionally or accidentally.

Not all insider threats come from malicious insiders looking for financial gain or revenge. Some arise from negligent insiders who mishandle confidential data or fall for phishing scams. Others stem from human error, like sending sensitive information to the wrong person or using weak passwords that expose login credentials.

An insider threat can involve stealing intellectual property, leaking customer information, downloading malware onto the organisation’s network, or sharing trade secrets with a competitor or foreign government. Because these individuals already have insider access, their actions often go unnoticed until the damage is done.

Nearly a quarter of UK SMEs surveyed believe that employees will steal sensitive or proprietary data for profit or competitive advantage, while 35% believe negligent insiders are a rising risk.


What are the Types of Insider Threats?

Insider threats generally fall into three main categories: malicious, negligent, and accidental.

Malicious insider threats come from individuals who deliberately exploit their access for personal or financial gain. They may steal intellectual property, leak confidential information, or sabotage business operations. These insider attacks often involve former employees or those with privileged access who still have valid credentials.

Negligent insider threats are the result of carelessness. An employee might ignore security policies, use personal devices on the organisation’s internal network, or fall for social engineering techniques that give threat actors remote access to systems.

Finally, accidental insider threats happen when well-meaning staff make mistakes, such as misconfiguring security controls or emailing confidential data to the wrong recipient. Though there’s no malicious intent, the outcome can still be a serious data breach.

Regardless of type, insider threats can disrupt business operations, damage reputation, and result in financial loss or regulatory penalties.


Why do Insider Threats Matter to SMEs?

Many small and medium-sized businesses assume that insider threats only affect large corporations with thousands of employees. Unfortunately, that’s far from the truth. SMEs are often more exposed because they have fewer dedicated security professionals and weaker access management controls.

A single insider attack can lead to severe consequences: loss of customer data, intellectual property theft, or even a complete halt in operations. Since insiders already have legitimate access to critical assets, they can bypass many security systems designed to stop external threats.

SMEs also tend to rely on third-party vendors and business partners, which increases risk further. A compromised supplier or contractor can easily become an entry point for an insider threat within your supply chain.

Protecting your organisation means thinking beyond firewalls and antivirus software. You need a strategy that accounts for human behaviour, access privileges, and early detection of suspicious activity.


How do Insider Threats Manifest in a Business Environment?

Insider threats manifest in many subtle ways. A malicious insider might slowly collect sensitive data over weeks, sending small files outside the company to avoid detection. A negligent employee could click a phishing link that installs malware and allows a threat actor to gain access to your systems.

Sometimes, a former employee still has active user credentials and uses them to steal trade secrets or disrupt operations. Other times, the risk comes from legitimate users who are manipulated through social engineering techniques into giving away privileged access.

Common signs of insider threats include unusual login times, unexplained data downloads, changes in user behaviour, or spikes in network traffic. The problem is that these technical indicators often blend in with normal activity, making them difficult to spot without continuous monitoring.


How Can Organisations Identify These Threats?

Detecting insider threats requires both technology and human awareness. You need visibility into user activity across your network, including who accesses what, when, and how often. Security teams use tools that analyse user behaviour, flagging suspicious patterns such as abnormal file transfers or attempts to access confidential data outside someone’s job role.

However, identifying insider threats isn’t just about monitoring systems; it’s also about fostering a culture of awareness. Employees should feel comfortable reporting suspicious behaviour or potential security incidents without fear of blame. Regular security awareness training helps staff recognise phishing scams, understand the importance of protecting login credentials, and stay alert to the signs of insider risk.

At Labyrinth Technology, we help businesses set up continuous monitoring and user behaviour analytics tools that detect potential insider threats early, before they cause real damage.


What are the Best Practices to Prevent Insider Threats?

Preventing insider threats starts with knowing your people, your data, and your access points. Begin by limiting system access to only those who truly need it. Apply the principle of least privilege, which ensures each employee has just enough access to do their job but no more.

Implement strong access management policies and enforce multi-factor authentication to protect user credentials. Regularly review permissions, especially when employees change roles or leave the company. Make sure any remote access is properly secured and logged.

Training is equally important. Security awareness training should be ongoing, not just a one-off exercise. Teach your team how to identify phishing attempts, handle confidential data safely, and follow the organisation’s security policies.

Technical measures also play a crucial role. Deploy monitoring tools that track user activity and network traffic, alerting you to any suspicious behaviour or signs of data exfiltration. Encrypt sensitive data wherever possible, both in transit and at rest.

Finally, establish a clear incident response plan. Knowing how to respond quickly to an insider attack can reduce the impact of a data breach and protect your reputation.


How Can Labyrinth Technology Help Prevent Insider Threats?

At Labyrinth Technology, we help businesses take a proactive approach to insider threat management. Our managed security services include continuous monitoring, advanced access controls, and tailored cybersecurity frameworks that reduce your exposure to internal threats.

We assess your organisation’s network for vulnerabilities, implement robust security policies, and deploy monitoring tools that detect unusual user behaviour. Our team also supports you with practical guidance on employee training, privileged access management, and data protection.

We understand that not all insider threats are malicious. Some come from employee error or a lack of awareness. That’s why our approach combines both technology and education to protect your critical assets and prevent data breaches before they occur.

By partnering with Labyrinth Technology, you gain more than an outsourced IT team; you gain a trusted security partner dedicated to protecting your business and keeping your data safe.


What Should You Do Next?

Insider threats are a growing concern for every business, especially as hybrid work and remote access become the norm. Whether it’s a negligent insider, a malicious actor, or simple human error, these risks can cause serious harm to your organisation.

Understanding how to identify, detect, and prevent insider threats is the first step. The next is putting the right systems and processes in place.

If you want expert help to strengthen your defences, protect your sensitive information, and stop insider threats before they disrupt your business operations, get in touch with Labyrinth Technology today.

Kido Cyber Attack: What SMEs Can Learn

The Kido cyber attack saw hackers steal personal data of more than 8,000 children from a UK nursery chain. A ransomware group called Radiant threatened to publish sensitive information to pressure the company into paying. This case shows the growing risk of ransomware attacks on schools and nurseries, the vulnerability of third-party systems, and the lasting damage of a data breach involving children. For SMEs, the lesson is clear: robust cyber security and active monitoring are essential. At Labyrinth Technology, we protect London businesses with outsourced IT support, tailored security solutions, and practical defences against ransomware.


The Kido cyber attack

When news broke of the Kido nursery hack, it made headlines not just in the UK but worldwide. A nursery chain, trusted with the most personal details of young children and their families, had been targeted by cyber criminals. Sensitive information was stolen, parents were threatened, and the reputation of the company was shaken overnight.

It is one of the most disturbing examples of how far ransomware groups will go. And for small and medium-sized businesses, it is a reminder that cyber attacks no longer stop at banks or tech firms. If a nursery can be breached, so can any organisation that holds valuable data.


What happened in the Kido cyber attack?

Last week, a ransomware group called Radiant claimed responsibility for breaching Kido International, a nursery chain with sites in London and beyond. They said they had stolen records of around 8,000 children.

To prove it, they posted profiles of ten children on a leak site, showing names, photos, home addresses, dates of birth, and even safeguarding notes. Parents were later contacted directly in an attempt to put pressure on the nursery.

Although Radiant later claimed they deleted the data after massive media coverage and public backlash, trust was already lost. Investigations suggested weaknesses in third-party systems were the likely entry point, a common issue in many SME data breaches.


What does the Kido ransomware attack mean for SMEs?

The attack on Kido shows that cyber criminals targeting education and childcare providers are prepared to exploit sensitive data for profit. For SMEs, the message is clear. Hackers do not discriminate based on company size or sector. They go after whoever appears vulnerable.

This means that your business, no matter how small, is a potential target. If you hold personal or financial information, you need the same level of vigilance as larger companies. A data breach can bring fines, lawsuits, and reputational damage that some SMEs will not survive.

Reliance on third-party suppliers is another weak link. Whether it is a childcare management platform, payroll system, or booking tool, an attack on your supplier can put your business at risk. Supplier vetting and strong contracts are just as important as protecting your own systems.


What was the outcome of the Kido nursery hack?

The outcome has been serious. Families are angry, regulators are watching closely, and Kido’s reputation has been badly harmed. Even though the hackers claimed to remove the leaked child profiles, there is no way to guarantee those files are gone forever.

This is a key lesson for businesses. Once sensitive data is stolen, it is out of your control. Criminals may resell it or use it years later. Paying a ransom rarely means safety. Prevention must always be the priority.


How can SMEs protect against a ransomware attack?

Protecting your business from a cyber attack requires more than a firewall. You need a layered approach. Multi-factor authentication should be standard. Backups need to be frequent, secure, and tested. Software updates must be applied quickly to close off vulnerabilities.

You also need people on your side. Most attacks begin with phishing emails, so staff training is essential. Teach your team to spot suspicious links and report them.

Monitoring systems can give you visibility. If you can detect unusual activity, you have a chance to stop an attack before it escalates. And every SME should have an incident response plan. A written, rehearsed strategy can make the difference between swift recovery and total chaos.


How Labyrinth Technology helps SMEs stay secure

At Labyrinth Technology, we provide outsourced IT support in London with security at the core. We know SMEs face the same threats as larger companies but without the same resources. That’s why we focus on practical, affordable measures that work.

We build layered protection into your systems, monitor activity in real time, patch vulnerabilities before they are exploited, back up your data securely, and make sure recovery is possible when you need it most.

We also go beyond the technology: we train your staff to recognise risks and work with you to strengthen your supply chain security. If an incident does occur, our team acts fast to contain and resolve it.

Most importantly, we aim to stop you ever becoming the next victim of a ransomware group like Radiant.


Why the Kido cyber attack matters beyond one nursery

The Kido data breach is more than a nursery story. It is proof that cyber criminals are willing to go to shocking lengths. If nurseries are on the target list, every SME is too.

For parents, the idea of their child’s data being traded online is devastating. For business owners, the equivalent is the loss of customer trust, financial penalties, and public shame. The message could not be clearer: protect your data before someone else takes it.


Lessons from the Kido cyber attack

The Kido nursery hack is one of the most unsettling breaches in recent memory. It exposed thousands of children’s personal details, involved direct threats to parents, and shook trust in a respected childcare provider.

For SMEs, it should be a wake-up call. Protect your systems. Review your suppliers. Train your staff. Back up your data. Monitor activity. And make sure you have a partner you can rely on.

At Labyrinth Technology, that’s what we deliver. We keep your business resilient, so you never become the next name in a cyber criminal’s ransom note. Get in touch today!

Kering Cyber Attack and Data Breach: Lessons for SMEs

Kering Cyber Attack and Data Breach: In June 2025, luxury group Kering confirmed a cyber attack that exposed limited customer data, including names, contact details, and purchase amounts. The incident, claimed by hacker group ShinyHunters, reportedly affected over 7 million email addresses. While no payment data was taken, the breach highlights how personal information can fuel phishing and fraud. For SMEs, the lesson is clear: strong backups, multi-factor authentication (MFA), regular patching, staff training, and clear incident response plans are essential for resilience.


What Happened at Kering?

Kering, the parent company of brands like Gucci, Balenciaga, and Alexander McQueen, confirmed it had suffered a cyber incident. Attackers gained unauthorised access to customer information. Kering said no financial data was involved, but names, emails, phone numbers, postal addresses, and total spend amounts were affected.

Hacking group ShinyHunters claimed responsibility. They told reporters the breach involved 7.4 million email addresses, although Kering has not confirmed the number. By September, media outlets were reporting on leaked samples, showing how far the data had spread.

The key point is this: the damage didn’t require stolen credit cards. Contact details and spend profiles alone are enough for cybercriminals to launch convincing phishing campaigns.


Why Cyberattacks Don’t Stay in IT

It is tempting to think of data breaches as a problem for “the IT team.” The Kering Cyber Attack and Data Breach shows that’s not true. Once sensitive information is exposed, the impact runs through the entire business.

Customers lose trust. High-value clients may be targeted with tailored scams. Regulators take an interest. Reputational damage lingers.

For SMEs, the same principle applies. If your customer list is exposed, attackers will use it to send phishing emails, impersonate your brand, and exploit your reputation. A breach is not just about data; it is about your operations, your sales, and your future growth.


Cyber Security Best Practices for Businesses

The Kering case highlights simple but powerful lessons that SMEs can act on today.

Backups and Recovery Planning

Keep tested backups of critical systems. Store at least one offline, beyond the reach of ransomware. Test restores often. A backup is only useful if it works when you need it.

Multi-Factor Authentication and Access Control

MFA is essential. It makes stolen passwords far less useful. Review admin accounts and cut down access where possible. The fewer privileged accounts you have, the smaller your risk surface.

Regular Patching and Updates

Attackers often exploit weaknesses that already have a fix. Apply updates for your operating systems, applications, and security tools. Regular patching is one of the cheapest and most effective defences you can deploy.

Monitoring and Detection

Prevention is never perfect. Tools like endpoint detection can help you spot suspicious behaviour before it spreads. Even basic monitoring of logins, email forwarding, or unusual file access can give you early warning.
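The basic monitoring of logins and email forwarding described above, as an added example (not code from the original article or from any vendor's tooling): it flags a successful login after repeated failures, a login from a country new to that user, and a forwarding rule that points outside the company domain. The event schema, the `example.co.uk` domain and the thresholds are assumptions, and the sample log is constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events, one JSON object per line. The schema is
# hypothetical and does not match any particular product's export format.
SAMPLE_LOG = """\
{"ts": "2025-10-01T08:30:00", "type": "login", "user": "bob@example.co.uk", "ok": true, "country": "GB"}
{"ts": "2025-10-01T08:59:10", "type": "login", "user": "amy@example.co.uk", "ok": true, "country": "GB"}
{"ts": "2025-10-01T09:00:01", "type": "login", "user": "bob@example.co.uk", "ok": false, "country": "NL"}
{"ts": "2025-10-01T09:00:09", "type": "login", "user": "bob@example.co.uk", "ok": false, "country": "NL"}
{"ts": "2025-10-01T09:00:17", "type": "login", "user": "bob@example.co.uk", "ok": false, "country": "NL"}
{"ts": "2025-10-01T09:00:25", "type": "login", "user": "bob@example.co.uk", "ok": false, "country": "NL"}
{"ts": "2025-10-01T09:00:33", "type": "login", "user": "bob@example.co.uk", "ok": false, "country": "NL"}
{"ts": "2025-10-01T09:01:00", "type": "login", "user": "bob@example.co.uk", "ok": true, "country": "NL"}
{"ts": "2025-10-01T09:03:30", "type": "forwarding_rule_created", "user": "bob@example.co.uk", "forward_to": "collector@mail.example.net"}
{"ts": "2025-10-01T09:10:00", "type": "forwarding_rule_created", "user": "amy@example.co.uk", "forward_to": "pa@example.co.uk"}
this line is not JSON and must be skipped, not crash the scan
"""

COMPANY_DOMAIN = "example.co.uk"   # assumption: your own mail domain
FAILED_THRESHOLD = 5               # assumption: failures that make a success suspicious
WINDOW = timedelta(minutes=10)     # assumption: look-back window for those failures


def parse_events(text):
    """Parse JSON-lines audit events, skipping malformed lines, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
            event["ts"] = datetime.fromisoformat(event["ts"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed line or missing/invalid timestamp
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, company_domain=COMPANY_DOMAIN):
    """Return (kind, user, timestamp) alerts for the three behaviours above."""
    alerts = []
    seen_countries = defaultdict(set)    # user -> countries of past successful logins
    recent_failures = defaultdict(list)  # user -> timestamps of failed logins

    for event in events:
        user = event.get("user", "?")
        kind = event.get("type")

        if kind == "login":
            if not event.get("ok"):
                recent_failures[user].append(event["ts"])
                continue
            # Successful login: was it preceded by a burst of failures?
            burst = [t for t in recent_failures[user] if event["ts"] - t <= WINDOW]
            if len(burst) >= FAILED_THRESHOLD:
                alerts.append(("success_after_failures", user, event["ts"]))
            recent_failures[user].clear()
            # Only alert on a new country once the user has some login history.
            country = event.get("country")
            if seen_countries[user] and country not in seen_countries[user]:
                alerts.append(("new_country", user, event["ts"]))
            seen_countries[user].add(country)

        elif kind == "forwarding_rule_created":
            # Exact-match on the domain; subdomains count as external here.
            target_domain = event.get("forward_to", "").rsplit("@", 1)[-1].lower()
            if target_domain != company_domain:
                alerts.append(("external_forwarding", user, event["ts"]))

    return alerts


if __name__ == "__main__":
    for kind, user, ts in detect(parse_events(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {kind:24} {user}")
```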

Staff Awareness and Training

In the Kering incident, leaked contact details could be used for phishing. Staff need to recognise suspicious messages, fake invoices, or refund requests. With training, your people go from being a risk to being part of your defence.

Incident Response and Communication Plans

When something goes wrong, clarity saves time. Write down who shuts down systems, who informs staff and customers, and who deals with regulators. A short, practical incident response plan helps you recover faster and with less confusion.


The Wider Business Impact of Cyber Incidents

The Kering Cyber Attack and Data Breach proves that a breach doesn’t need to involve stolen credit cards to be costly. Exposure of personal data creates reputational damage, legal obligations, and targeted fraud risks.

For SMEs, the stakes are just as high. Ask yourself: if your client database leaked, how would you explain it to customers? Could you still trade confidently while dealing with regulatory investigations or public questions?

Cyber incidents don’t just hit IT. They hit your ability to operate.


Why Every Business Is a Target

You might think criminals only bother with global brands like Kering. In reality, small and medium-sized businesses are often easier prey. You may not have an internal security team. You may not patch every system on time. That makes you an attractive target.

Hackers look for weak links, not big names. If your defences are thin, you’re on their radar.


How Labyrinth Technology Can Help

At Labyrinth, we work with SMEs across London to build resilience against exactly these risks. Our role is to make cyber security practical, not complicated.

We help you put the basics in place: strong MFA, regular patching, secure backups, and clear incident response plans. We also support your people with training, so phishing emails and social engineering attempts don’t catch them out.

Because even with best practice, incidents can still happen, we guide you in setting up monitoring and recovery that fits your budget. That way, if you do face a breach or ransomware attack, you can get back on your feet quickly.

Cyber security isn’t about endless tools or big spending. It is about making sure your business can keep running when things go wrong. That’s where we step in.


Cyber Security as Business Continuity

The Kering Cyber Attack and Data Breach is a warning to businesses everywhere. It shows that cyber incidents are not just about stolen data; they are about continuity, resilience, and reputation.

By acting now with tested backups, enforced MFA, regular patching, real monitoring, staff training, and a written response plan, you protect more than just information. You protect your ability to serve customers, pay staff, and grow your business.

At Labyrinth Technology, we help SMEs build that resilience. Don’t wait for an attack to expose the gaps in your defences. Get in touch today.

Why Are Small Businesses Struggling with Telecoms Costs?

Telecoms should be straightforward. You sign a contract, pay a fixed amount, and get a service that supports your business. But for many small businesses in the UK, that’s no longer the case. Telecoms costs are fast becoming a hidden expense that’s draining budgets, increasing stress, and tying businesses into contracts they never meant to sign.

If you’re confused by your telecom bills, locked into a long contract, or paying over the odds for basic services, you’re not alone. And you don’t have to put up with it.

We’ll break down what’s really happening, why so many small businesses are struggling, and how Labyrinth can help you take back control of your telecoms and IT support.

What Do We Mean by Telecommunications?

Telecommunications refers to the services and equipment your business uses to communicate. This includes phone systems, broadband, mobile contracts, and related software or hardware. For most small businesses, having reliable telecoms is essential. It keeps you connected to your clients, your team, and the services you rely on.

But while the technology has improved, the contracts behind it have become more complex. A simple monthly cost can quickly become a long-term financial burden if you don’t fully understand the contract terms.

Why Telecoms Costs Have Become a Problem for Small Businesses

A recent investigation by the BBC revealed that thousands of small businesses across the UK are being charged inflated telecom prices through lengthy finance deals. These deals often involve renting phones or equipment at a price that far exceeds their value, and many business owners say they weren’t fully aware of what they were signing up for.

One example is Gary Pride, who runs a small graphic design business in Bradford. He’s now paying over £54,000 to rent just five phones and some basic software. The stress of these payments has affected his health and nearly pushed his business to the brink.

Mr Pride, like many others, received an initial offer with a low monthly fee. This was followed by a steep increase after a two-year “introductory period”. When the bills soared, he felt he had no choice but to renew. This added more years and more debt to the original agreement.

These contracts often involve third-party finance companies, and many small business owners say the sales pitch didn’t match the actual contract. Some were rushed into signing, weren’t told about extra charges, or were encouraged to agree to upgrades that only made the situation worse.

Experts told the BBC that some companies were charging “outrageous” prices for these systems, selling basic phone services at many times the industry standard. They also charged customers for features like call logs and maintenance, even though other providers often include these services as standard.

To make matters worse, business contracts don’t come with the same protections as consumer ones. Without a cooling-off period, many businesses remain tied in for five to seven years, with no affordable way to exit early.

What Labyrinth Can Do to Help

At Labyrinth Technology, we work with small and medium-sized businesses across London and beyond, helping them take control of their telecom and IT services. We’ve seen these problems first-hand, and we know how damaging they can be, not just financially, but emotionally too.

Here’s how we help.

At Labyrinth, we start by assessing your current telecom setup in detail. We review your contracts to spot any hidden fees or confusing terms. Many small businesses don’t realise they’re tied into costly leasing deals or end up with duplicate contracts through “upgrades.” We help you understand exactly what you’re paying for and where you might be overpaying.

Next, we recommend smarter telecom options tailored to your business. Using our expertise with VoIP phone systems and trusted providers like 8×8, we deliver solutions that offer clear, transparent pricing and the flexibility you need. Additionally, we design a cloud-based phone system or upgrade your current setup to deliver the best fit without unnecessary costs.

We integrate your telecom services into your wider IT strategy. We set budgets that work for you, monitor contract timelines, and help prevent sudden price hikes. On top of that, we provide ongoing support and maintenance, so you get reliable service and don’t have to worry about day-to-day telecom issues.

Our goal is to give you peace of mind and control over your telecom expenses. With the right advice and modern, reliable technology like Labyrinth’s VoIP solutions, you can stop wasting money and focus on growing your business, not stressing over your phone bill.

Moving Forward

It’s clear the telecoms industry still has work to do. Regulators like Ofcom are starting to take notice, and new rules on pricing transparency are coming in 2025. But until then, small businesses need to be proactive and aware of their telecoms costs.

If you’re worried about your telecoms costs, or just want someone to take a proper look at your setup, get in touch. At Labyrinth, we offer honest advice and real solutions. Whether you’re based in London or further afield, we’re here to help.

Telecoms should support your business, not hold it back. Let us show you how.

20 Essential Cyber Security Facts for 2025: Protect Your Digital Life

At Labyrinth Technology, we know how overwhelming the cyber threat landscape can feel, especially for small and medium businesses. Whether you’re just starting to develop a cyber security strategy or you’ve already faced a cyber attack, staying informed is crucial. Here are 20 essential cyber security facts and statistics to help you identify cyber security risks, understand what’s at stake, and strengthen your cyber defences.

Cyber Security Facts and Stats

1. 29% of small businesses in the UK experienced a cyber attack in the last year.

[Source: UK Government Cyber Security Breaches Survey]

If you think cyber crime is only a problem for large companies, think again. Small and medium businesses are a favourite target because they often don’t have a formal cyber security strategy or in-house security teams. It’s vital to take preventative steps early. Start with Cyber Essentials, ensure basic controls are in place, and educate your staff on common threats.

2. The average cost of a cyber security breach for a UK business is £19,400.

[Source: Nybble]

That number isn’t just a scare tactic. It reflects real financial costs, including downtime, lost data, recovery, and reputational damage. For medium businesses, this could severely affect operations. This is where risk management, cyber insurance, and regular backup and recovery planning come in.

3. Phishing attacks remain the most common form of cyber attack in the UK.

[Source: UK Government Cyber Security Breaches Survey 2025]

Phishing is cheap, easy for criminals to launch, and still incredibly effective. These emails or messages trick users into handing over credentials or downloading malware. Training your team regularly on how to spot phishing attacks is non-negotiable. Use email filtering, multifactor authentication, and reporting systems for suspicious messages.

4. The larger the business, the more likely they are to experience cyber crime.

[Source: UK Government Cyber Security Breaches Survey 2025]

Don’t let this fact fool you. Small and medium businesses are not safe either. Breaches and attacks have become the norm for so many businesses that, as your business scales, your cyber security strategy needs to scale too. It was reported that 18% of micro businesses, 25% of small businesses, 43% of medium businesses, and 52% of all large businesses have experienced cyber crime.

5. In 2025, the most common source of information and guidance was external cyber security consultants, IT consultants or cyber security providers.

[Source: UK Government Cyber Security Breaches Survey 2025]

Businesses like Labyrinth Technology are the main source of information on cyber security, security risks, and security breaches. Get in touch with us and we can help you protect against any potential breaches and attacks!

6. Ransomware attacks surged by 50% in the final three months of 2024, building on the 100% increase that had already happened in the three months prior.

[Source: Norton]

Ransomware is now one of the most feared types of attack. It encrypts your data and demands payment. Backup strategies, employee awareness, endpoint protection, and external reporting to national cyber security authorities all form part of a strong response.

7. 82% of ransomware attacks target small businesses.

[Source: Bitdefender]

Cyber criminals know that smaller companies are more likely to pay the ransom to get their data back. Don’t make yourself an easy target. Use offline backups, restrict user access to sensitive data, and make sure your antivirus software is up to date.

8. The cost of cyber crime is expected to hit $10.5 trillion globally by 2025.

[Source: Cybersecurity Ventures]

This isn’t just an IT issue. It’s a business issue. Every part of your company can be affected, from sales and finance to customer service. That’s why cyber security needs to be discussed at the senior management level. It’s about protecting the future of your business.

9. The National Cyber Security Centre blocked over 2.7 million cyber attacks in one year.

[Source: NCSC Annual Review]

That’s just the tip of the iceberg. The NCSC helps shield the UK’s digital infrastructure, but your company is still responsible for its own cyber defences. Don’t assume you’re safe just because you’re not a big name. Threats are everywhere, and many are automated.

10. 59% of organisations that suffered their first software supply chain attack did not have a response strategy. 

[Source: Purplesec]

You might trust your suppliers, but if they get breached, you could too. Attackers often use smaller businesses as a way into bigger networks. Ask suppliers about their cyber security practices. Include them in your own security audits and reviews.

11. 60% of small businesses shut down within six months of a major data breach.

[Source: BZBIT]

This is a shocking stat, but it’s real. The combination of reputational damage, legal fallout, and financial loss can be too much to recover from. Having a security strategy in place reduces that risk. Prevention really is better than cure here.

12. 95% of cyber security breaches are caused by human error.

[Source: Info Security]

It’s easy to blame the IT team when something goes wrong, but most breaches come down to people making mistakes. Training, strong password policies, and limiting access to sensitive information can reduce the risks posed by everyday actions.

13. Malware attacks increased by 87% last year.

[Source: TechTarget]

Malicious software comes in many forms, and it’s getting smarter. Once it’s inside your system, it can steal data, spy on activity, or shut everything down. Keep all software up to date, monitor your systems for unusual behaviour, and use antivirus tools properly.

14. 38% of UK businesses have no cyber insurance.

[Source: UK Government Cyber Security Breaches Survey 2025]

Cyber insurance isn’t just a nice-to-have anymore. It helps cover costs linked to recovery, legal claims, and reputational management. If you’re serious about risk management, speak to an expert and get covered. It could be the difference between survival and collapse.

15. 74% of internet users worry about the safety of their personal information online.

[Source: Bitdefender]

Your customers care about how you handle their data. A major data breach won’t just cost you financially, it’ll cost you trust. Make privacy a part of your brand. Be transparent, follow best practices, and show customers that you value their sensitive data.

16. Cyber criminals are using AI to make attacks more convincing.

[Source: Akamai]

We’re now seeing deepfake phishing scams and AI-written malware. As cyber threats become more advanced, your defences must evolve too. Invest in smarter security tools, review your strategy often, and stay informed about the latest cyber crime statistics.

17. 85% of UK organisations experienced a phishing scam in the last year.

[Source: UK Government Cyber Security Breaches Survey 2025]

It’s not a question of “if” you’ll get hit with phishing attacks, but “when.” Simulated phishing training, reporting tools, and multi-layered email filtering can help protect your users from clicking the wrong link.

18. Lost or stolen credentials are the root cause of 61% of data breaches.

[Source: Think Digital Partners]

Weak, reused, or shared passwords are still a major cyber security risk. Use password managers, require multi-factor authentication, and restrict admin access. Make sure your team knows never to share login details, even internally.

19. The average ransomware demand is now over £1,500,000.

[Source: Sophos State of Ransomware Report]

Paying a ransom doesn’t guarantee you’ll get your data back. It also puts a target on your back. Build your defences so you’re not forced into that decision. Test your backups, isolate infected systems quickly, and involve external experts if needed.

20. Cyber security jobs are growing three times faster than other tech roles.

[Source: Techerati]

That tells you just how serious the threat is. There’s a growing demand for skilled professionals, which means small businesses need to think strategically. If you can’t build an in-house team, consider outsourcing to specialists like Labyrinth to protect your systems.

How Labyrinth Can Help Your Company

At Labyrinth Technology, we provide tailored cyber security solutions for small and medium businesses that don’t have the time or resources to manage everything internally. From building a robust cyber security strategy to managing day-to-day protection and compliance, we take the pressure off your shoulders. Our team can help you meet Cyber Essentials and Cyber Essentials Plus standards, monitor for unusual activity, train your staff, and implement powerful security tools that fit your business and budget. We also offer support in preparing for and responding to security breaches, ensuring that your business bounces back quickly if the worst happens.

Cyber threats are always evolving, but so are we. We stay up to date with the latest trends, tools, and threat intelligence to keep your business ahead of the curve. Whether you need advice on cyber insurance, help with securing your supply chain, or guidance after a cyber incident, we’re ready to help.

Conclusion: Stay Informed, Stay Protected

Cyber crime isn’t slowing down, and no business is too small to be targeted. These cyber security facts and statistics highlight just how serious the risks are, but they also show what you can do to reduce your exposure. With a strong cyber security strategy, regular training, and the right technology in place, you can protect your business and build trust with your clients.

If you’re ready to take cyber security seriously, Labyrinth Technology is here to support you. Get in touch with us today to find out how we can help you secure your systems, protect your data, and prepare for whatever the cyber threat landscape throws your way.

Understanding the 8 Principles of “Data Protection Act 2018”

If you run a business today, you’re handling data, whether it’s customer contact details, employee health records or marketing information. And when you’re handling personal data, you’re legally responsible for keeping it safe, using it properly and storing it securely. This is exactly what the Data Protection Act 2018 is all about.

But with so much information out there, it’s easy to feel overwhelmed. That’s where we come in.

At Labyrinth Technology, we provide IT support and managed services for small and medium-sized businesses, helping you stay compliant with data protection laws, avoid data breaches, and safeguard your reputation. Let’s walk you through the 8 principles of the Data Protection Act and show you what they really mean for your business, in easy-to-understand language so your head doesn’t get dizzy.


What is the Data Protection Act 2018?

The UK Data Protection Act 2018 sits alongside the General Data Protection Regulation (GDPR). It gives you the rules you need to follow when processing personal data. That includes anything from names and emails to more sensitive information like religious beliefs or political opinions.

Whether the data’s digital or part of an organised paper filing system, if you’re collecting, storing, using or deleting personal details, you’re subject to these rules.

The Act is designed to protect people, referred to as data subjects, by giving them rights over their data. It also puts responsibilities on data controllers, which means any business or person deciding how and why data is processed.

And the heart of it all? The eight principles of data protection.


Why do the eight data protection principles matter?

The 8 principles of the Data Protection Act aren’t just a legal box-ticking exercise. They’re the foundation for trust, compliance and best practice. They help you protect personal data stored in your systems, stay in line with UK data protection laws, and avoid penalties from the Information Commissioner’s Office (ICO).

If you don’t follow them, you risk more than fines. You could damage your reputation, lose customer confidence, or even face legal claims.

Understanding these guiding principles means you can shape your own data protection policies, train your team effectively, and ensure all personal data you handle is processed fairly, lawfully and securely.


The eight principles of data protection – in practice!

Let’s break down each principle and show how it applies to your day-to-day work.

1. Personal data must be processed fairly and lawfully

This means you can’t collect or use someone’s data unless you have a clear and legal reason. That might be because the person gave you explicit consent, you’re under a legal obligation, or it’s in the vital interests of the person, for example, in a medical emergency. You also need to be open about what data you collect, why, and how it will be used.

2. Data must be obtained for specified, lawful purposes

You can’t collect data for one reason and then use it for something else without telling the person. This is all about fair and lawful use. So, if a customer gives you their email to receive a receipt, you can’t automatically start sending them marketing emails, unless they’ve agreed to that.

3. Data must be adequate, relevant and not excessive

This is known as the data minimisation principle. It means you should only collect the data you actually need. So, if someone’s buying a product online, asking for their ethnic origin or political opinions probably isn’t appropriate. Keeping data collection to the minimum also reduces risk if there’s a data breach.

4. Data must be accurate and kept up to date

This is the accuracy principle. Out-of-date or inaccurate data can lead to all sorts of issues, from sending products to the wrong address to breaching someone’s rights. It’s important to have regular processes for checking and updating your records, and to let people correct their information.

5. Personal data must not be kept for longer than necessary

This is the retention principle. You need to decide how long you really need to keep personal details. For example, CVs from job applicants who didn’t get the role shouldn’t be stored for years. Create a retention policy so you’re not holding on to data longer than needed.

6. Personal data must be processed in line with individuals’ rights

People have the right to access their data through a subject access request, and to request changes or even erasure in some cases. You must have a way to respond to these requests quickly and fully. It’s all part of being transparent and respecting your customers’ privacy.

7. Data must be kept secure

This is the security principle and one of the most crucial. You must take steps to protect data against unauthorised or unlawful processing, accidental loss, or access by unauthorised staff. This could involve strong passwords, encrypted storage, secure backups and organisational measures like staff training and limited control.

8. Data must not be transferred to other countries without adequate protection

If you send personal data outside the European Economic Area (EEA), you need to be sure the receiving country has similar data protection laws. You can’t just email customer data to a server based abroad without checking the legal side.


What does this mean for your business?

These principles aren’t optional. They’re legal requirements. But beyond that, they help build a culture of trust and accountability. For small and medium-sized businesses, understanding and applying these principles can feel daunting, but that’s where we can help.

At Labyrinth Technology, we support businesses in developing and maintaining practical, effective data protection policies. Whether you’re building internal systems, moving to the cloud, or training staff, we help you reduce the risk of unauthorised processing, ensure data is processed lawfully, and stay on top of evolving data protection legislation.

We make sure that personal data stored in your systems is secure, relevant, and handled with care. We help you avoid data breaches, simplify your record-keeping, and prepare for subject access requests or audits from the ICO.

Our team can assess your current setup, highlight any gaps, and work with you to build a more secure, compliant organisation.


What are the best practices to adopt right now?

Start with the basics. Keep a clear record of what personal data you collect and why. Update your privacy policies. Limit who has permission to use the sensitive information. Encrypt laptops and cloud backups. Train staff to spot phishing emails and understand their responsibilities under the UK Data Protection Act.

You need to make sure you’re ready to respond to access requests and have procedures for deleting data once it’s no longer needed. And if you’re sending data to third parties, like payroll providers or marketing platforms, check they meet UK standards.

Finally, have a clear process in place for handling a data breach, should one happen. The quicker you respond, the less damage is done.


Conclusion

The 8 principles of the Data Protection Act are here to protect people and support fair business practices. They ensure that customer data and other personal details are treated with respect and security, helping you stay compliant, trusted and professional.

As a small or medium-sized business, you don’t need to be overwhelmed by complex data protection legislation. With the right help, you can turn it into a strength, not a headache.

At Labyrinth Technology, we specialise in working with businesses just like yours. Whether you need advice, practical solutions, or full IT support, we’re here to help you meet your obligations, protect your customers and grow with confidence.

If you’d like a no-obligation chat about your data protection policies, compliance challenges, or IT setup, get in touch today. Let’s make your data work for you!