Security Theatre Exposed — Passkeys, the CISA Leak, and the Hidden Value in Your Cyber Insurance

Episode notes

In this urgent episode of The Small Business Cybersecurity Guide, hosts Noel Bradford, Mauven McLeod and Graham Faulkner bring together three experts to answer one question: why you’re doing security wrong and what practical steps will actually protect your business. We cover four pressing, unconnected problems that share the same root cause — a massive gap between perceived and real security. Dr. Sarah Chen explains passkeys in plain English: how they remove the shared secret that makes passwords vulnerable, why they defeat phishing, credential stuffing and most brute-force attacks, and exactly how small businesses should pilot them this week. She outlines a three-step rollout (check your identity platform, pilot with five users, support them through setup), recovery and accessibility considerations, device and cost guidance, and the measurable benefits — including dramatically fewer password reset tickets. Former US government cyber analyst Corinne Jefferson unpacks the CISA ChatGPT incident, where the acting director uploaded sensitive government contracting documents to public ChatGPT despite an approved internal alternative.