{"id":27425,"date":"2026-04-10T07:00:59","date_gmt":"2026-04-10T05:00:59","guid":{"rendered":"https:\/\/smecyberinsights.co.uk\/?p=27425"},"modified":"2026-04-28T14:31:05","modified_gmt":"2026-04-28T12:31:05","slug":"filing-fiasco","status":"publish","type":"post","link":"https:\/\/smecyberinsights.co.uk\/index.php\/2026\/04\/10\/filing-fiasco\/","title":{"rendered":"SME Cybersecurity: Filing Fiasco – What the Companies House WebFiling issue means for SMEs"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"Partners1_NordVPN\"<\/figure><\/div>
\"Partners3_R3\"<\/figure><\/div>
\"Partners2_Zoho\"<\/figure><\/div>
\"Partners4_Plesk\"<\/figure><\/div>
\"Red_Button_Slider\"<\/figure><\/div>
\"ogo2\"<\/figure><\/div>
\"Detection.<\/figure><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"SECURUS\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"SME\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
Image Credit: Companies House<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Gibraltar:\u00a0 Friday, 10 April 2026 \u2013 07:00 CET<\/p>\n

SME Cybersecurity: Filing Fiasco – What the Companies House WebFiling issue means for your business
\n<\/strong>By: Iain Fraser<\/a>\u00a0\u2013\u00a0Cybersecurity Journalist
\n<\/a>Published in Collaboration with:
\nSecurus Technology Group
\n<\/a>SMECyberInsights.co.uk<\/a>\u00a0– First for SME Cybersecurity
\n<\/a>Google Indexed on: 100426 at 08:20 CET<\/a>
\n#SMECyberInsights #SMECybersecurity #SMECyberInsights #SME #CyberSafe #CyberSecurity #Cybersecurity #CompaniesHouse #FilingFiasco<\/em><\/p>\n

\ufeff<\/span>\ufeff<\/span><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

SME Cybersecurity: Filing Fiasco – What the Companies House WebFiling issue means for your business<\/strong><\/p>\n

When a core public register stumbles, criminals do not waste time. The Companies House WebFiling security issue is a timely reminder that SME cybersecurity is not just about your laptops and firewalls; it is about the accounts, portals, and identity checks you rely on to trade, borrow, hire, and prove you are legitimate.<\/p>\n

Most directors only look at Companies House when filing is due or something goes wrong. That is exactly the gap attackers exploit, especially when they can combine portal access with stolen email credentials and believable \u201curgent\u201d payment requests.<\/p>\n

What happened, and why should UK SMEs care?<\/strong><\/p>\n

Companies House published an update on a WebFiling security issue. Even without the technical detail, the practical SME takeaway is clear: your organisation\u2019s \u201cofficial identity surface\u201d can be attacked via third-party systems, not just your own network<\/strong>.<\/p>\n

For SMEs, the risks tend to cluster around:<\/p>\n

* Account takeover:<\/strong>\u00a0criminals use stolen passwords from previous breaches, or phished credentials, to access online services.<\/p>\n

* Filing fraud and impersonation:<\/strong>\u00a0changes to officer details, registered office, or filings can create confusion with banks, insurers, suppliers, and customers.<\/p>\n

* Business email compromise:<\/strong>\u00a0attackers compromise a mailbox, then pivot to finance processes, invoice redirection, and \u201cdirector requests\u201d.<\/p>\n

This is part of the wider pattern. The UK Government\u2019s Cyber Security Breaches Survey 2024 found 50% of businesses<\/strong> reported a cyber breach or attack in the previous 12 months, showing how routine compromise has become across UK small business cyber threats.<\/p>\n

What does \u201cportal security\u201d actually mean in plain English?<\/strong><\/p>\n

A portal is any online service where your business identity and transactions live. Companies House WebFiling is one; HMRC services, Microsoft 365, your bank platform, your pension provider, and your practice management system are others.<\/p>\n

Portal security means you can answer three questions, quickly:<\/p>\n

* Who can log in?<\/strong>\u00a0Named users, not shared logins or \u201cadmin@\u201d.<\/p>\n

* How do they prove it is them?<\/strong>\u00a0Multi-factor authentication (MFA), not just a password.<\/p>\n

* What happens if it goes wrong?<\/strong>\u00a0A simple cyber incident response plan, with steps to lock accounts and notify the right parties.<\/p>\n

In practice, weak portal security becomes expensive because the clean-up hits cashflow, reputation, and director time, not just IT.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"SME\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

What SME cyber security best practices reduce filing and identity risk fastest?<\/strong><\/p>\n

These are realistic actions for budget-conscious SMEs, including those with outsourced IT or a part-time admin team.<\/p>\n

1. Turn on MFA everywhere it exists, starting with email<\/strong>
\nPrioritise Microsoft 365 or Google Workspace first. Email compromise is the gateway to password resets on every other service.<\/p>\n

2. Remove shared admin accounts and create named access<\/strong>
\nIf your accountant, company secretary, or an internal admin files on your behalf, ensure access is tied to individuals. This aligns with Cyber Essentials access control expectations.<\/p>\n

3. Set up \u201cchange alerts\u201d and a monthly five-minute check<\/strong>
\nPut a recurring calendar reminder for a director or finance lead to review key company details and recent filings. Fast detection limits downstream damage.<\/p>\n

4. Harden your password reset process<\/strong>
\nUse a password manager, unique passwords, and lock down recovery emails and phone numbers. This is phishing protection for SMEs in the real world.<\/p>\n

5. Add payment controls that stop invoice redirection<\/strong>
\nRequire out-of-band verification for any bank detail change. One phone call to a known number can prevent a six-figure loss.<\/p>\n

6. Get the Cyber Essentials basics in place<\/strong>
\nEven if you do not certify yet, implementing Cyber Essentials controls improves endpoint security for small business teams and gives you a defensible baseline.<\/p>\n

Where compliance and evidence fit: NCSC, ICO, UK GDPR<\/strong><\/p>\n

Regulators rarely care that you are \u201ctoo small\u201d; they care whether you took reasonable steps. The ICO expects appropriate UK GDPR security measures, including access control and breach readiness. NCSC guidance for small organisations and Cyber Essentials provide a clear, UK-recognised standard of \u201creasonable\u201d.<\/p>\n

Keep simple evidence:<\/p>\n

* MFA enabled screenshots for key systems
\n* a list of named portal users and leavers removed
\n* incident response contacts and steps on one page
\n* proof of patching and anti-malware coverage for endpoints<\/p>\n

Download the SME Cyber Insights \u201cPortal Security Pack\u201d: a one-page checklist covering MFA, named access, filing-change monitoring, and invoice fraud controls, mapped to Cyber Essentials.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"SECURUS\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

SECURUS Communications Ltd<\/strong><\/p>\n

Securus<\/a> <\/strong>is a managed communications Operator, providing next-generation network infrastructure and value added services to Managed Hosting providers and the ‘cloud generation’\u200b of enterprises. Securus<\/a> <\/strong>priority is to offer communication services that represent excellent value for money and are backed by exceptional levels of support.<\/p>\n

Contact Securus<\/strong>
\nSecurus Communications Ltd
\nStation Road, Landmark house, Hook, England RG27 9HA, GB
\nT: Enquiries:\u00a003451 283457<\/span><\/a>\u00a0| Service Desk: 03451 283458<\/a>
\nSecurus on LinkedIn<\/a> | Securus on “X”<\/a> | https:\/\/securuscomms.com<\/a><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t

\n\t\t\t\t\t<\/span>\n\t\t\t\t\tLatest Posts from SECURUS Communications<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t<\/h2>\n\t\t\t<\/div>
\n\n
\n
\n\n
\n \n \n \"AI-Powered <\/a>\n\n \n