Security
Security & Resilience
Sovereignty without security is a half-measure: it doesn't matter whose jurisdiction your data sits in if anyone can walk in and take it. We make your systems hard to breach and quick to recover — pragmatically, at SME scale and budget.
No fear-selling and no box-ticking. We assess what you actually run, fix what genuinely matters first, and document it so it stays fixed.
What we secure
From a one-off audit to ongoing protection — as much as you need.
Security audit & hardening
A clear-eyed review of your accounts, devices, servers and cloud — then the fixes that matter most, applied and documented.
Backup & disaster recovery
Encrypted, tested backups and a recovery plan you've actually rehearsed — so an incident is an inconvenience, not an extinction event.
Identity & access
SSO, MFA and least-privilege access, so a single stolen password doesn't open the whole business.
Incident response
A calm, practised hand when something goes wrong — containment, recovery and an honest post-mortem.
Who it's for
- Businesses handling sensitive or regulated data who can't afford a breach.
- Teams that have grown faster than their security has.
- Anyone who has never had an honest, independent look at their exposure.
How an engagement works
Assess
We map what you run and where the real risk sits — no jargon, no scare tactics.
Prioritise
A short, ranked list: what to fix now, soon and later, with honest effort and cost.
Harden
We apply the fixes — accounts, devices, servers, backups — and document each one.
Maintain
Optional ongoing monitoring, patching and backup checks so it stays secure.
Frequently asked questions
Do I need a full audit, or just a few fixes?
Often just a few fixes — most SME risk comes down to accounts, backups and patching. We start with a quick, honest assessment and only recommend a deeper audit if it is warranted.
Do you do penetration testing?
We focus on practical hardening, identity, backups and recovery — the things that prevent the breaches SMEs actually suffer. For formal penetration testing we bring in a specialist and coordinate it, rather than overclaim it ourselves.
What happens if we are breached right now?
Tell us immediately. We help contain it, recover from clean backups, work out what happened, and document it — calmly. Then we close the gap that let it in.
Is this only for self-hosted setups?
No. We secure whatever you run — Microsoft 365, Google Workspace, cloud or self-hosted. The principles (least privilege, MFA, tested backups, patching) apply everywhere.
Explore
Want an honest read on your exposure?
Tell us what you run — we'll reply within 24 hours.
Book a security review