Cyber Essentials & security
Security basics, done properly.
Most small-business breaches come through the front door. Weak passwords, missing MFA, a server that hasn't been patched since 2022. Cyber Essentials is the plain-English baseline that closes those doors. I'll help you pass it, and mean it.
01 Where I help
Plain security, not theatre.
Cyber Essentials prep
- Gap analysis: a short review against the five controls, with a written list of what needs to change.
- Fix the gaps: patching, admin accounts, firewall configuration, malware protection.
- Cyber Essentials Plus: the audited version, if your contracts or insurance need it.
- Certification cost guidance: what you'll pay IASME, what you'll pay me, kept honest.
Identity and access
- MFA rollout across Microsoft 365, Google Workspace, and any SaaS that matters.
- Single sign-on with Microsoft Entra, Okta or Google: fewer passwords, less risk.
- Password managers for teams: 1Password, Bitwarden or similar, rolled out properly.
- Conditional access and privileged access for finance, trust and fiduciary work.
Reviews and audits
- Security review: a plain-English assessment of what you're doing well and what's exposed.
- Vulnerability management: scanning, patching cadence, and who owns fixing what.
- SaaS audit: who has access to what, who left six months ago but still does.
- Vendor and supplier risk: the third-party accounts with keys to your data.
If something happens
- Incident response plan: a written one, agreed with you, not a template left on a shelf.
- Ransomware readiness: backups tested, paths to recovery mapped.
- Tabletop exercises: walking your team through a scenario before a real one happens.
- Working with specialists: I'll bring in pen testers or forensics where it's warranted, not pretend I am one.
Start with a short review.
A two-to-four hour review usually surfaces most of what matters, with a clear written list of what to fix first. No long contracts, no scaremongering.