Your Security Baseline
Understand Your Security Baseline Before You Make Any IT Decisions
A short, structured call to reveal where your SME sits against a Cyber Essentials�style baseline � and whether you have hidden risks your current supplier has missed.
Who this is for
This is designed for owner-managed SMEs with 10-25 staff in Sussex or Kent who:
Use Microsoft 365.
Haven’t had a structured security review.
Have unmanaged or partly managed devices.
Aren’t sure where they’d pass or fail a Cyber Essentials (CE) check.
Inherit tools and processes from previous managed service providers (MSPs).
Want clarity before investing further in IT.
If you�re asking �Are we actually secure?� � this is where you begin.
Why you need a baseline before changing anything
Most SMEs operate on assumptions:
"Microsoft 365 already backs us up."
"Our antivirus must be up-to-date."
"Our MSP handles our security."
"We're too small to be a target."
The National Cyber Security Centre (NCSC) data shows the opposite:
SMEs are now being targeted as stepping-stones to their larger suppliers and customers.
The majority have no enforceable security baseline.
Incidents often expose flaws nobody checked - identity, device management, patching, backup…
Before changing MSPs, before buying new tools, before renewing insurance - you need a clear view of where you stand.
The Triage Call gives you that clarity at a high level.
The Baseline Review gives you the evidence.
CTA Text Link
Step 1 — Free Security Triage Call
A focussed, 20-30 minute remote call that highlights your high-level posture against CE-style controls.
What you get:
A verbal red/amber/green (RAG) rating across key areas: identity, devices, patching, malware protection, backup.
A plain-English view of any obvious risks.
Insight into whether anything is critical, or urgent.
Guidance on whether a deeper assessment is warranted.
A check on whether your IT environment is suitable for our operating model.
What you get:
Not a written report.
Not a detailed remediation plan.
Not a certification service.
It's a simple, structured "reality check" for SMEs who want to know where they stand.
Step 2 — Paid Security Baseline Review
If the Triage Call indicates deeper-issues - or your business wants a formal assessment - the Baseline Review provides the structured evidence.
What you receive:
A written baseline report mapped to CE-style domains: identity & access, devices, malware/endpoint protection, patching, backup, shadow IT.
The top 5-10 risks, ranked by severity and business impact.
A practical remediation roadmap split into Now/Next/Later.
A readout session with your leadership team.
Clear alignment with Cyber Essentials controls.
100% of the review fee credited if you proceed with our all-inclusive managed service.
Purpose:
To give SMEs a practical, actionable understanding of where security efforts should go - not a generic "audit".
Not a detailed remediation plan.
Not a certification service.
If you recognise that picture, you’re the exact audience this operating model was built for.
What we assess during the Baseline Review
A targeted review of the areas that insurers, suppliers, and the NCSC, care most about.
1
Identity & Access
Multi-factor Authentication (MFA).
Admin account separation.
Password policies.
Guest access.
Single sign-on (SSO0.
2
Devices
Managed vs unmanaged.
Encryption.
Compliance policies.
Standardisation.
Inventory accuracy.
3
Malware Protection
Endpoint Detection & Response (EDR) deployment.
24/7 Security Operations Centre (SOC) coverage.
Legacy or conflicting antivirus.
4
Patching & Updates
Operating system updates.
App patching.
Monitoring.
Missed updates.
By the end, you know exactly how your business compares to a CE-style baseline.
CTA Text Link
Why SMEs choose this structured pathway
Without a baseline, everything else is guesswork.
Typical SME approach:
Rely on an MSP that vaguely reviews security.
Assumes that tools are configured correctly.
Fix symptoms instead of causes.
Discovers gaps only after an incident.
Structured pathway:
Clear, high-level triage.
Evidence-based review.
Practical roadmap.
No assumptions.
No guesswork.
Decisions made with clarity.
This is the diagnostic step most SMEs skip - and the one that prevents unnecessary spending and unnecessary risk.
Why us for this
Our entire operating model is built on:
A Cyber Essentials-aligned baseline.
Standardised device management via Microsoft Intune.
Automated onboarding/offboarding.
SentinelOne endpoint protection monitored by a 24/7 SOC.
Third-party Microsoft 365 (and server) backup.
One opinionated, all-inclusive managed service.
The Baseline Review is the gateway into that model � and ensures we only take on businesses who can maintain a consistent, secure environment.
For SMEs in Sussex & Kent
