Security baseline
Control accounts, backup and what happens during an incident
Practical security for small businesses where Microsoft 365, cloud tools, devices and business systems matter, but access, recovery and ownership are not clear enough yet.
The first delivery is a scoped security review with a clear current-state map, prioritised actions and a baseline that can be maintained without turning security into a separate full-time project.
Describe the security situationWhat we review first
For smaller companies, security risk usually comes from several small gaps rather than one dramatic failure. The first review makes those gaps visible enough to prioritise.
- Accounts, MFA, admin roles and old access that should no longer exist.
- Email protection and phishing routines in Microsoft 365 and other central tools.
- Device updates, network basics and recurring patch ownership.
- Backup, recovery testing and what happens when a critical system fails.
- Onboarding, offboarding and access changes when people change role.
Start with the systems and accounts that matter most
Send the tools involved, who has admin access, how backup works today and what incident has worried you most. That is enough to define a useful first review.
Describe the security situation