Security
They had the policies and lost £250k anyway
A local family business, a long-time client, genuinely good people, lost £250,000 to a phishing scam. Craig Hume, Managing Director of Utopia Computers, lays bare the reality of security.
J
ust like that. One fake invoice. One email. One change to the supplier’s bank details. One assumption no one thought to challenge. And yes, they had all the right paperwork, a slick security
policy. Cyber insurance, paid up. A supplier onboarding checklist, all neatly stored on SharePoint. But what they didn’t have was a culture where someone felt safe
enough to say: “This feels off. Can we just double-check it?” Nobody wanted to slow things down. The deal was time-
sensitive. Everyone was rushing. And that, in my experience, is the most dangerous time of all,
when something new is expected and you’re in a hurry. I’ll never forget the time I almost fell for it myself. I’d ordered a watch for my son from a new supplier. Birthday
looming. Timing was tight - isn’t it always? A few days later, I received a message from DHL stating that I needed to pay import duty. For a split second, I thought that the price was too good to be true and that the supplier must be overseas. I was on my way to a meeting and didn’t want to delay the
delivery. I nearly clicked. But the wording felt… off. And there it was, a phishing attempt. No watch, no DHL. Just a
slick scam preying on urgency and assumptions. And I nearly fell for it. Me, the one always banging on about
security. So, when I see a client lose £250k because no one felt safe
enough to question an email? I get it. I really do. Because this isn’t just a tech problem. At Utopia, we’ve stopped treating cybersecurity as ‘an IT thing’.
It’s not about who has the best firewall or the hardest-to-guess password. That stuff ’s easy. We’ve got YubiKeys, patching tools, remote monitoring, all the bells and whistles. But the real work? That’s human. It’s building a culture where
someone can say: “I know we’re in a rush, but can someone double-check this?” We created a ‘heartbeat onboarding’ system for new team members, not just handing them a PDF of dos and don’ts, but
24 | July/August 2025
embedding stories and rhythms that encourage curiosity. We use micro-training from Usecure, not for ticking boxes, but for building confidence. And we’ve started sharing that mindset with our clients, from
jewellers to AI researchers buying enterprise-grade rigs. Because we’re not just in the business of building PCs. We’re in
the business of building trust. Most breaches I’ve seen don’t happen because someone’s
careless. They happen because they were rushed, and the timing of a few coincidences meant they didn’t feel the need to ask the question. So here’s my question for you: When was the last time someone
on your team flagged a dodgy email? Would they feel safe enough to say: “I might be wrong, but this doesn’t feel right”? If the answer’s no, then it doesn’t matter how slick your
tech stack is. Security starts with people. And people need psychological safety to speak up. Let’s start there. Let’s build braver, safer teams.
“We created a ‘heartbeat onboarding’ system for new team members, not just handing them a PDF of dos and don’ts, but embedding stories and rhythms that encourage curiosity.”
www.pcr-online.biz
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52
