It was a Tuesday morning. Nothing unusual.
Sarah handled the accounts for a small business in Hertfordshire. Twelve employees, decent turnover, the kind of company that runs on trust and familiarity. She’d worked there for six years.
At 9:14am, an email arrived from the managing director.
It asked her to process an urgent payment to a new supplier. £14,200. The company had been expecting to bring on new contractors, so it wasn’t out of context. The email had his name. His usual sign-off. The tone was exactly right.
She processed the payment.
At 11:30am, the MD walked past her desk and asked how her morning was going. She mentioned the payment. He had no idea what she was talking about.
The email hadn’t come from him.
The money was gone.
What actually happened
This type of attack is called Business Email Compromise, or BEC. It doesn’t involve malware, hacked systems, or anything technically impressive. The attacker simply registered a domain that looked almost identical to the company’s real one. One letter different. Easy to miss when you’re not looking for it.
They’d done their research too. LinkedIn told them who the MD was. The company website told them enough about the business to make the email convincing. The rest was timing and confidence.
Sarah hadn’t done anything stupid. She’d done what most people would do. She trusted an email that looked completely legitimate, from someone she worked with every day, about something that fitted into normal business operations.
That’s exactly why it worked.
This isn’t rare
BEC fraud costs UK businesses hundreds of millions of pounds every year. It’s one of the most financially damaging types of cybercrime, and it almost never makes the news because the businesses it hits are too small to be newsworthy and too embarrassed to talk about it.
It works on small businesses specifically because small businesses run on trust. There’s less process, fewer approval steps, and more reliance on people just getting things done. Attackers know this.
Three things that would have stopped it
None of these are complicated. None require significant investment.
- A simple payment policy. Any new payee or change to bank details requires a phone call to confirm. Not a reply email. A phone call. This one rule stops BEC fraud dead in most cases.
- Sender verification. Email filtering that flags messages from lookalike domains is a standard feature of Microsoft 365 and Google Workspace when configured correctly. Many businesses have it turned off or misconfigured.
- A culture where it’s okay to check. Sarah didn’t want to bother the MD over what seemed like a routine request. That hesitation is natural and completely understandable. But a five-second Teams message would have saved £14,200.
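The "one letter different" domain from the story is exactly what the sender-verification step above is meant to catch. As an added illustration (not code from Attenu8 or the original post), the following flags From: headers whose domain is a single edit away from the company's real domain or reuses its name under another TLD; the domain hertsbusiness.co.uk, the MD's name and the sample headers are all constructed.

```python
# Added example: flag lookalike sender domains before acting on a payment
# request. Not code from Attenu8 or the original post; the company's domain
# and the names below are constructed values.

TRUSTED_DOMAINS = frozenset({"hertsbusiness.co.uk"})  # constructed


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance: insert, delete,
    substitute or swap adjacent characters each cost 1, so 'one letter off' is 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def sender_domain(from_header: str) -> str:
    """Domain part of a From: header such as 'Name <user@domain>'."""
    address = from_header.rsplit("<", 1)[-1].rstrip(">").strip()
    return address.rpartition("@")[2].lower()


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'internal', 'lookalike' or 'external' for a From: header."""
    domain = sender_domain(from_header)
    if domain in trusted:
        return "internal"
    for real in trusted:
        # One edit away (typo-squat) or same name under a different TLD
        if edit_distance(domain, real) <= 1 or domain.split(".")[0] == real.split(".")[0]:
            return "lookalike"
    return "external"


# Constructed From: headers, including the one-letter-off domain from the story
SAMPLE_FROM_HEADERS = [
    "David Hale <david@hertsbusiness.co.uk>",            # the real MD
    "David Hale <david@hertsbusines.co.uk>",             # one letter dropped
    "David Hale <david@hertsbusiness.com>",              # TLD swapped
    "Acme Stationery <orders@acme-stationery.example>",  # ordinary third party
]


def flag_payment_requests(headers):
    """Headers that should trigger the phone-call check before any payment."""
    return [h for h in headers if classify_sender(h) == "lookalike"]
```

A flagged header is a prompt to pick up the phone, not proof of fraud; a genuine supplier can also sit one edit away from a name you know.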
What happened to Sarah
She wasn’t fired. The MD understood that she’d been deceived, not negligent. But the money was gone and the relationship between them was never quite the same. That’s the part that doesn’t show up in the fraud statistics.
The business recovered. Not every business does.
If you want to know whether your current setup would have caught this, get in touch. It’s usually a quick conversation.
James
Attenu8 IT Support