// cybersecurity

Cybersecurity for small business

Attackers automate; they don't care that you're small. We implement the controls that stop 90%+ of real-world attacks — sized and priced for a 10–100 person company.

// the stack

Five layers, in priority order

Identity

MFA on every account, conditional access, secure offboarding. Stolen credentials are the #1 entry point — we close it first.

Email

Advanced filtering, anti-phishing and impersonation protection, plus SPF/DKIM/DMARC done properly so your own mail lands.

Endpoints

Managed EDR on every laptop and server — detection and response, not just legacy antivirus — with full-disk encryption enforced.

People

Short quarterly awareness training and simulated phishing. Ten minutes a quarter measurably reduces click rates.

Recovery

Immutable backups and a written, tested incident response plan — because resilience is the control that saves you when the others fail.

// honest scoping

What we do — and what we'll refer out

We design, implement and manage security for small businesses, and we handle first response when something looks wrong: isolating machines, resetting credentials, preserving evidence, coordinating recovery. We are not a 24/7 SOC and we won't pretend to be one. If your risk profile genuinely needs round-the-clock monitoring or a forensic investigation, we'll say so and connect you with a specialist partner — and manage them for you.

Compliance and client questionnaires

Increasingly, small firms lose deals because they can't answer a customer's security questionnaire. We get you to a defensible baseline aligned with CIS Controls, help complete questionnaires, and produce the evidence — policies, MFA reports, backup test logs — that enterprise clients and cyber insurers ask for.

// questions

Frequently asked

We're too small to be a target, aren't we?

Attacks on small businesses are mostly automated — bots scan for weak credentials and unpatched systems regardless of company size. Small firms are targeted precisely because defenses are usually weaker.

Do you help with cyber insurance requirements?

Yes. Insurers now require MFA, EDR, and tested backups as a condition of coverage. We implement the controls and provide the evidence for your application or renewal.

What happens if we get hit by ransomware?

Managed clients have a written incident response plan we execute together: isolate, assess, restore from immutable backups, and report where legally required. Recovery targets are agreed in advance, not improvised during a crisis.

Can you do just a one-time security audit?

Yes. Our security assessment is a fixed-price project that produces a prioritized findings report. You can remediate with us, with your own IT, or with anyone else.

See where your IT stands

A 45-minute assessment and a written report of risks, costs and quick wins. Free, and useful even if you never hire us.

response within one business hour Get a free IT assessment