Skip to content
Network Motion

Cyber Security

Serious protection, sized for a smaller business

You don't need an enterprise security department. You need the right layers, properly run: endpoints watched, email filtered, identities locked down, updates applied — and evidence you can show clients and insurers.

Defence in layers

No single silver bullet — six layers that work together

Attacks rarely beat every control at once. Each layer covers the gaps in the others, and we run them all as one managed service.

Layered defence diagram: your business sits in the centre, protected by six overlapping controls — identity and MFA, patching, email security, endpoint detection, staff training and tested backup. You Identity & MFA Patching Email security Endpoint detection Staff training Tested backup
No single control has to be perfect — an attack has to get through all of them.

Endpoint detection & response

Software on every laptop and server that watches for attack behaviour and isolates it in minutes (the industry calls it EDR/MDR), with human eyes on the alerts.

Email security

Phishing, spoofed invoices and dodgy attachments filtered before they land. Email is still how most SME breaches start.

Identity & MFA

Multi-factor authentication everywhere it matters, admin rights trimmed back, and joiner/leaver access reviewed as routine.

Patching discipline

Known vulnerabilities closed on a schedule across operating systems and applications — boring, relentless, effective.

Security awareness training

Short, non-patronising training and simulated phishing for your team — because people click less when they know what to look for.

Backup that assumes the worst

Ransomware-resistant copies of your data, tested restores, and a written plan for the bad day. Covered fully under Backup & DR.

Certification

Cyber Essentials, without the panic

Cyber Essentials is the UK government-backed standard that proves your organisation has the fundamentals in place. Increasingly, clients, insurers and public-sector frameworks simply require it.

The five control areas — firewalls, secure configuration, security update management, user access control and malware protection — are exactly the hygiene a well-run IT environment should have anyway. So we treat certification as a by-product of doing IT properly, not a laminated certificate to chase once a year.

Firewalls Secure configuration Security updates Access control Malware protection

How we get you certified

  1. 1

    Gap assessment

    We measure your current setup against the five Cyber Essentials control areas and give you a straight list of what passes, what fails and what it takes to fix.

  2. 2

    Remediation

    We do the fixing — MFA, firewall rules, supported software, access control, malware protection — as careful engineering work, not a box-ticking scramble.

  3. 3

    Certification

    We prepare the evidence and support your submission through an accredited certification body, answering the assessor's questions with you (and for CE Plus, hosting the audit).

  4. 4

    Keeping it

    Certification lasts twelve months. Because the controls become part of how we run your IT day-to-day, renewal is a formality rather than a second project.

The honest pitch

We won't sell you fear. Here's the maths instead.

Think about a week without email, files or invoicing, then add the cost of telling clients why. Layered security for an SME costs a small fraction of one such week — that's the whole argument, calmly stated.

Proportionate

Controls chosen for a 10–250-person business — effective, affordable, and light enough that people don't route around them.

Watched by humans

Tooling alerts; engineers decide. Genuine threats get acted on in minutes, and you're told what happened and what we changed.

Evidence-ready

Insurers, auditors and client due-diligence questionnaires answered from records we already keep — not a scramble.

FAQ

Cyber Essentials, cost and the overkill question

The things people check before they trust anyone with their security.

What's the difference between Cyber Essentials and Cyber Essentials Plus?

Same five control areas, different levels of proof. Cyber Essentials is a verified self-assessment questionnaire. Cyber Essentials Plus adds an independent technical audit — an assessor actually tests your systems. Many contracts and frameworks (especially public sector) specify Plus.

How long does Cyber Essentials certification take?

It depends on the gap, not the paperwork. A well-run environment can be ready in a couple of weeks; one with legacy kit and loose admin rights might need a month or two of remediation first. The gap assessment gives you a real timeline before you commit.

Will we pass first time?

If we've done the remediation, that's the intention — we don't put submissions in to see what happens. Where something can't be fixed before the deadline a client has set, we'll tell you early and agree a plan rather than gamble the assessment.

A client has given us a deadline to get certified. Can you help?

Yes — this is one of the most common reasons businesses first call us. Tell us the deadline on the first call and we'll be honest about whether it's achievable and what it needs.

Do we really need all this if we're small?

You need protection proportionate to what an attack would cost you — a week of downtime, a fraudulent invoice paid, client data leaked. The layers above are sized and priced for SMEs; none of it is enterprise theatre.

Is Network Motion itself certified?

We practise what we install — the controls we run for clients are the controls we run internally. Formal certificates and accreditations will be listed on this page as they're published rather than claimed loosely here.

Talk to us

Get a straight answer on your security

Whether it's a client demanding Cyber Essentials or a nagging feeling you'd not survive a bad week — tell us, and we'll tell you where you stand.

The gap assessment shows you the full list of findings before any remediation work is agreed.