TwoPlus1 Limited

TwoPlus1 Limited Most small businesses don’t need an internal IT team but do have distinct requirements that can’t be met from off-the-shelf packages.

Founded in 2004 to provide tailored IT services to the small businesses community, TwoPlus1 has experience working with clients based in the UK, Europe and the US and from a wide range of industry sectors including architecture, design, manufacturing and photography. This is the niche that TwoPlus1 was created to fill. We consult directly with business owners and managers to understand and quantif

y their current IT needs, delivering a suite of tools specific to their unique circumstances and designed to scale as they grow. Through nearly two decades of operation, we have constantly updated our services to provide the latest and most trusted digital tools available to provide for our clients’ development. Our flexibility and tailored approach to providing IT services has never been more relevant, particularly as we all navigate the changing working environment brought about by recent events. We specialise in migrating email and data from traditional on-site infrastructure to the cloud and supporting Microsoft 365 to enable our clients to ensure business continuity wherever they find themselves working, seamlessly, while maintaining peace of mind through industry-leading data security and recovery should anything unforeseen occur. We understand the technology that drives business and our approach focuses on delivering the highest levels of cybersecurity and customer service. From remote/flexible working solutions to web hosting, domain management and fully automated services for email, password and data backup we offer a complete range of services to enable our clients to focus on their work, secure in the knowledge that the digital side of their business, and their data, is in safe hands. Find out why TwoPlus1 is your trusted partner for IT solutions and web services today.

Most cyber incidents don’t start with hackers smashing through firewalls.They start with small gaps, reused passwords, m...
13/04/2026

Most cyber incidents don’t start with hackers smashing through firewalls.

They start with small gaps, reused passwords, missed updates, or even a rushed click.

Easy mistakes to make.

This is where good cyber hygiene comes in…

There’s a phishing campaign doing the rounds that skips email entirely 🫨 And you guessed it: That’s what makes it effect...
12/04/2026

There’s a phishing campaign doing the rounds that skips email entirely 🫨

And you guessed it: That’s what makes it effective 😬

Security researchers have uncovered a targeted attack aimed at executives and IT admins, delivered through LinkedIn messages.

The setup is deliberately convincing.

The victim is contacted about a job opportunity or a business project. Nothing obviously suspicious.

The message includes a download link to what looks like a relevant document. It’s often named to match the person’s role, like a product roadmap or project plan.

Click the link, and a file downloads.

It’s a self-extracting archive created with WinRAR, which opens like a normal folder.

Inside are several files that appear legitimate, including a PDF reader.

So far, everything looks routine.

When the document is opened, though, something else happens behind the scenes: The PDF reader loads a malicious file bundled alongside it.

This technique is called DLL sideloading, which is a way of sneaking harmful code in by hiding it next to a trusted application.

Because the program itself looks legitimate, security tools are less likely to raise an alarm straight away.

From there, the attack digs in 😰

It creates a startup entry, so it keeps running after a reboot, then launches a small Python tool that runs entirely in memory.

That tool opens a communication channel back to the attacker, giving them remote access to the machine.

At that point, the system is effectively under someone else’s control.

What’s worth paying attention to isn’t just the technical detail, it’s the delivery method 📧

The researchers were very clear that phishing no longer lives only in inboxes. Social platforms, messaging apps, and search results are increasingly being used because they feel informal and familiar.

We’re also less conditioned to be suspicious there, especially when the approach feels personalised and professional.

And LinkedIn is particularly attractive. It’s rich with role information, company context, and people who are used to receiving unsolicited outreach.

That makes it easier to tailor messages that don’t feel random.

The uncomfortable lesson here is that “I didn’t get an email” doesn’t mean “I wasn’t phished”.

Any platform that allows direct contact and file sharing can be abused. Especially when it’s used daily on work devices and trusted by default.

👉 When a message feels relevant, personalised, and arrives through a professional platform, what would make you hesitate before you click?

11/04/2026

Always flicking back and forth between two web pages? Chrome has a built-in way to keep them both in view at the same time…

It might sound odd, but scam calls don’t only arrive by phone anymore 📵Increasingly, they show up inside the tools we us...
10/04/2026

It might sound odd, but scam calls don’t only arrive by phone anymore 📵

Increasingly, they show up inside the tools we use every day.

Microsoft is adding a new protection to Teams called Brand Impersonation Protection, designed to make those moments a little safer.

The idea is straightforward.

When you get a Teams call from an external contact you’ve never interacted with before, Teams will automatically check whether that caller appears to be impersonating a well-known organisation.

That could be a bank, a government department, or another trusted brand.

If something looks suspicious, Teams will show a warning before you answer the call ⚠️

You’re free to take it, block it, or end it, but you’re given extra context to help you make your decision.

If the warning signs don’t go away, the alert can remain visible during the call.

This is aimed at social engineering attacks - situations where someone isn’t breaking in technically but talking their way in instead.

The goal is usually to create urgency and pressure, so you act before stopping to think 🤔

The feature will be enabled by default, which means it doesn’t rely on someone remembering to turn it on.

Microsoft has recommended that your support teams be ready for questions, as employees may start seeing new alerts and want reassurance about what they mean.

This change sits alongside other security improvements already being rolled into Teams, including better detection of malicious links and dangerous file types in messages.

What’s interesting is what this says about how work tools are being used.

With Teams now used by hundreds of millions of people each month, it’s no longer just a place for meetings and messages. It’s a solidly trusted tool for businesses. And attackers know it.

This update won’t eliminate scam calls, but it will add a moment of friction where it counts, helping people pause and reassess instead of reacting on autopilot.

🧐 When a call comes through a platform you trust, what helps you decide whether it deserves your attention or your caution?

Your team is busy every day.Full calendars. Constant messages. Plenty of effort.So why does progress still feel slow?Whe...
08/04/2026

Your team is busy every day.

Full calendars. Constant messages. Plenty of effort.

So why does progress still feel slow?

When nothing’s broken but work feels stuck, the issue usually isn’t people.

It’s the setup they’re working inside…

Here’s a scam that’s unsettling precisely because it doesn’t look like a scam at all 😬Researchers have uncovered a techn...
07/04/2026

Here’s a scam that’s unsettling precisely because it doesn’t look like a scam at all 😬

Researchers have uncovered a technique that abuses something most of us barely think twice about: Team invitations.

The attackers create accounts on OpenAI (the company behind ChatGPT and other AI tools) and then get creative with the organisation name field.

Instead of a normal company name, they drop in a phone number or a link that looks official or urgent 🚨

They then use the “invite your team” feature.

The email lands in your inbox from a real OpenAI address.

Nothing’s spoofed or hacked. It looks exactly like the kind of message you’d expect from a platform you already trust.

That’s what makes it dangerous ☠️

The message itself might claim a subscription has just renewed for a large amount. Another version might push a questionable offer.

They’re mostly designed to make you act fast and call a number straight away 📞

That’s where things often escalate into a voice scam, with someone applying pressure in real time.

What’s particularly uncomfortable is how subtle this is.

The research noted that many of these emails do contain small oddities in wording or layout. But when the sender looks legitimate, it’s easy to skim past those details and focus on the supposed problem instead.

In a workplace setting, the risk multiplies.

The same invitation can be sent to several people at once, increasing the odds that someone clicks or calls before stopping to think it through.

There’s no silver bullet here, but the basics still matter.

Unexpected invitations deserve a pause, even if they come from a well-known service.

Links are worth hovering over before clicking.

Phone numbers in emails shouldn’t be trusted at face value.

And multi-factor authentication, that extra login step with a code, remains one of the best safety nets if something slips through.

The bigger takeaway isn’t really about OpenAI or invitations at all. It’s about how trust is being repurposed.

Features designed to help people collaborate are now being used as social engineering tools.

The platform isn’t broken, the assumption that “this looks legit, so it must be safe” is.

💭 When an email looks routine and comes from a name you recognise, what makes you stop and double-check before you act?

06/04/2026

What if a password your team hasn’t used in years could still open the door to your business?

No hacking drama. No clever tricks. Just old login details quietly doing damage.

This is exactly how a recent cyber incident caught businesses out. It’s a threat many business owners don’t see coming

There’s a subtle change coming to online scams. And it’s not the kind you’re watching out for 👀When generative AI first ...
05/04/2026

There’s a subtle change coming to online scams. And it’s not the kind you’re watching out for 👀

When generative AI first arrived, there was a lot of talk about dynamic websites.

Pages that wouldn’t be built once and shown to everyone, but generated on the fly, shaped by your location, device, behaviour, even what you typed to get there.

That future never really showed up.

But it turns out someone’s very interested in it.

Security researchers have been exploring how this idea could be used in phishing attacks, and the results are uncomfortable at best 😬

Let me explain…

You click a link and land on a webpage that looks harmless.

There’s no obvious malware. Nothing suspicious for security tools to grab hold of.

But once the page loads, it asks a legitimate AI service to generate code in real time.

That code is then assembled and run directly in your browser.

The outcome is a fully working phishing page created especially for your visit.

Different code each time. No fixed “bad page” to analyse. Nothing obvious moving across the network.

Which makes traditional detection much harder.

To reassure you, this is mostly proof-of-concept right now.

The researchers didn’t say they’ve seen this exact technique used live yet. But they were clear that all the pieces already exist.

AI is already being used to write heavily disguised JavaScript.

AI-assisted malware and ransomware are increasing fast.

Dynamic code ex*****on on compromised machines is already common.

Put that together and dynamically generated phishing pages start to feel less like science fiction and more like a preview.

The conclusion is that this is where scams are heading.

Detection will still be possible, but it will rely more on behaviour and context, not just spotting a known “bad” website.

They also flagged tighter controls around which AI tools are allowed at work, and stronger security in AI platforms themselves.

The bigger shift here is psychological.

We’re used to thinking “that page looks fake”. But what happens when the page looks different every time?

🤔 Consider this: If scams stop being static and start being personalised, what will you rely on to decide what’s real and what isn’t?

Microsoft has taken another big step in the AI arms race 🤖This time it’s with Maia 200. A brand-new AI chip designed and...
04/04/2026

Microsoft has taken another big step in the AI arms race 🤖

This time it’s with Maia 200. A brand-new AI chip designed and built by Microsoft itself.

Now, before your eyes glaze over at the word chip 😴 I promise, this matters to everyday businesses…

AI tools don’t just exist in the cloud. They run on real, physical hardware inside data centres.

The faster and more efficient that hardware is, the better AI tools perform. And the cheaper they are to run at scale.

Maia 200 is the next generation of Microsoft’s own AI hardware.

It’s purpose-built for AI workloads, meaning it can run very large AI models using fewer machines, less power, and less wasted effort.

Simply put: More work done, with less kit 💪

This also explains why Microsoft is doing it.

By designing its own AI chips, Microsoft can make Microsoft Azure a faster and more efficient place to run AI than rivals, like Amazon Web Services and Google Cloud.

Whoever controls the hardware gets a big say in performance, pricing, and reliability.

And this isn’t a future promise.

Microsoft is already using Maia 200 to power parts of Microsoft 365 Copilot and its internal AI platforms.

It’s rolling out across US data centres first, with more regions to follow, and developers and researchers are being invited to test it early.

You don’t need to understand the technical specs to spot the pattern 🚀

AI is shifting from a clever feature to foundational infrastructure, like electricity, internet, or cloud computing before it.

The businesses building that infrastructure now are shaping how powerful, affordable, and dependable AI becomes for everyone else.

So, here’s the question I’ll leave you with 👇

When AI becomes as ordinary as email in business, do you want to be playing catch up or ahead of your competitors?

Here’s a counter-intuitive AI tip I didn’t expect to be sharing 🤖Being mean to ChatGPT can sometimes get you better answ...
01/04/2026

Here’s a counter-intuitive AI tip I didn’t expect to be sharing 🤖

Being mean to ChatGPT can sometimes get you better answers.

Before you ask, no, I’m not having a bad day 🤣

Tools like ChatGPT and Microsoft Copilot are what’s called generative AI.

That means they don’t look up answers like Google. They generate replies based on patterns they’ve seen before.

Sometimes that goes brilliantly.

Sometimes they confidently make things up.

That’s why you’ll often see the little warning at the bottom saying it can make mistakes.

Even Sam Altman, the CEO of OpenAI, has said he’s surprised by how much people trust ChatGPT, given that it can “hallucinate” (AI-speak for confidently being wrong).

But get this…

Researchers at Pennsylvania State University ran a study using an older version of ChatGPT. They asked it the same questions in different ways. Polite prompts. Neutral prompts. And rude ones.

The rude ones performed better 😡

Noticeably better.

Short, blunt, even mildly insulting instructions produced more accurate answers than overly polite, flowery requests.

The theory is that direct language reduces ambiguity. The AI focuses on the task, not the tone.

Before you unleash your inner Gordon Ramsey 😅 the researchers were clear this isn’t a free pass to be unpleasant.

Normalising rude language has downsides. And future AI models may simply ignore tone altogether.

The real skill isn’t being nice or nasty. It’s being clear.

If you say: “Can you maybe help me understand this, if that’s okay?”, you’ll often get a vague answer back.

If you say: “Explain this in simple terms. Assume I’m not technical. Give me a practical example.” the quality jumps immediately.

That’s prompt engineering (aka “learning how to ask better questions”).

Both Microsoft and OpenAI have said most AI frustrations come down to poor prompts, not bad technology.

There’s also growing evidence that leaning on AI too heavily can dull critical thinking and confidence over time. So, it shouldn’t replace your judgement, just support it.

So no, don’t be cruel to AI.

But do be firm. Clear. Specific. And a little less polite if politeness is getting in the way of precision 🙂

Have you noticed a difference when you change how you ask AI for help? 👀

31/03/2026

Digital fraud isn’t on the rise. It’s evolving. Fast.

Scammers are using smarter tools, more convincing messages and pressure tactics designed to make even careful people slip up.

These are the simple habits that could stop your team from falling for them…

Not all tools are created equal.Some quietly support how your business works. Others add friction, risk, and lost time.I...
30/03/2026

Not all tools are created equal.

Some quietly support how your business works.

Others add friction, risk, and lost time.

It’s time to take a closer look at the difference between tools that are fit for the way you work and those that hold your team back…

Address

London

Opening Hours

Monday 10pm - 5pm
Tuesday 9am - 5pm
Wednesday 8pm - 5pm
Thursday 8pm - 5pm
Friday 8pm - 5pm
Saturday 8pm - 5pm

Telephone

+442081488270

Website

Alerts

Be the first to know and let us send you an email when TwoPlus1 Limited posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to TwoPlus1 Limited:

Shortcuts

Share

Category