Security for businesses too small for a CISO.
Small businesses get breached the same way large ones do, but with worse insurance and less room to absorb the hit. We implement the security controls that actually move the needle — the same ones your cyber-insurance carrier is going to ask about — without selling you a SIEM you don't need or a SOC contract you can't justify.
What we implement
Identity & access
- MFA / SSO rollouts (Entra, Google, third-party SAML)
- Conditional access policies & named locations
- Privileged account separation (admin roles on dedicated accounts, not daily-use logins); break-glass accounts that are excluded from conditional access, stored offline, and alerted on when used
- Password manager rollout for your team
Endpoint
- EDR (endpoint detection & response) deployment, tuning, monitoring
- OS patching baseline (handled alongside RMM; firmware too, with the honest caveats noted on that page)
- Disk encryption baseline (BitLocker, FileVault)
- USB / removable-media policies where appropriate
Network
- Firewall / UTM with managed, documented rule sets: content filtering, geo-blocking, IDS/IPS
- Site-to-site & client VPN where remote access is needed
- Network segmentation (separating guest, IoT, and corporate traffic)
- Wi-Fi authentication hardening (WPA3 where supported; 802.1X for sensitive environments)
Email & data
- Email security & anti-phishing (built into the M365 / Workspace tenant)
- DMARC, SPF, DKIM correctly configured (most clients arrive with these half-broken: DMARC left at p=none, SPF that never reaches a hard fail, or DKIM never turned on for a third-party sending service)
- Backup encryption posture (covered on Backup & DR)
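To show what "half-broken" looks like in practice, here is an added example (not the firm's own tooling) that checks SPF and DMARC record text for the defects that come up most often: an SPF record that ends in +all or ?all, or has no all term at all; DMARC left at p=none, applied to only part of the mail via pct, or published without an rua address so nobody sees the reports. The domain names and TXT strings are constructed samples standing in for what a DNS lookup would return, so the script runs offline. DKIM is deliberately left out, because verifying it requires knowing the selector and fetching the published key.

```python
"""Offline sanity checks for SPF and DMARC TXT records.

Added example for the email-authentication bullet above; this is not the
firm's tooling. The record strings below are constructed samples standing
in for the TXT records a DNS lookup would return, so nothing here touches
the network.
"""
import re

# Constructed sample records: one tenant done right, one in the "half-broken"
# state described above (open SPF, monitor-only DMARC, no reporting address).
SAMPLE_RECORDS = {
    "good.example": {
        "spf": "v=spf1 include:spf.protection.outlook.com -all",
        "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@good.example; adkim=s; aspf=s",
    },
    "halfbroken.example": {
        "spf": "v=spf1 ip4:203.0.113.0/24 include:_spf.google.com +all",
        "dmarc": "v=DMARC1; p=none; pct=50",
    },
}

# Mechanisms and modifiers that each cost a DNS lookup. RFC 7208 caps the
# total (nested includes counted) at 10; past that receivers return permerror.
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?=[:=/]|$)", re.I)


def check_spf(record: str) -> list[str]:
    """Return the problems found in one SPF record (empty list means clean)."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: must begin with 'v=spf1'"]
    terms = terms[1:]

    all_terms = [t for t in terms if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        findings.append("no 'all' mechanism: senders not listed are neither passed nor failed")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("'+all' authorises any host on the internet to send as this domain")
        elif qualifier == "?":
            findings.append("'?all' is neutral: SPF provides no enforcement")

    # Only the top-level record is visible here; includes add more lookups
    # that this offline check cannot see, so this is a lower bound.
    lookups = [t for t in terms if LOOKUP_TERM.match(t)]
    if len(lookups) > 10:
        findings.append(f"{len(lookups)} lookup terms at the top level alone exceed the 10-lookup limit")
    if any(t.lstrip("+-~?").lower().startswith("ptr") for t in terms):
        findings.append("'ptr' mechanism is deprecated (RFC 7208) and should be removed")
    return findings


def parse_dmarc(record: str) -> dict[str, str]:
    """Split 'tag=value; tag=value' into a dict; tag names are case-insensitive."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(record: str) -> list[str]:
    """Return the problems found in one DMARC record (empty list means clean)."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1" or not record.strip().lower().startswith("v="):
        return ["not a DMARC record: must begin with 'v=DMARC1'"]
    findings = []
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid 'p' tag: receivers ignore the record")
    elif policy == "none":
        findings.append("p=none is monitor-only: spoofed mail still reaches the inbox")
    if tags.get("sp") == "none" and policy in ("quarantine", "reject"):
        findings.append("sp=none leaves every subdomain unprotected while the apex is enforced")
    pct = tags.get("pct")
    if pct is not None and (not pct.isdigit() or int(pct) < 100):
        findings.append(f"pct={pct}: the policy applies to only part of the failing mail")
    if "rua" not in tags:
        findings.append("no 'rua' address: no aggregate reports, so no visibility into who sends as you")
    return findings


def audit(records: dict[str, dict[str, str]]) -> dict[str, list[str]]:
    """Run both checks for every domain and return {domain: [findings]}."""
    report = {}
    for domain, recs in records.items():
        findings = [f"SPF: {f}" for f in check_spf(recs["spf"])]
        findings += [f"DMARC: {f}" for f in check_dmarc(recs["dmarc"])]
        report[domain] = findings
    return report


if __name__ == "__main__":
    for domain, findings in audit(SAMPLE_RECORDS).items():
        print(f"{domain}: {'clean' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
```

To run it against a real tenant, replace the sample strings with the output of a TXT lookup for the apex domain and for _dmarc.<domain>; the checks themselves do not change. A clean result here is necessary but not sufficient: it says nothing about whether the listed senders are the ones you actually use, or whether DKIM signing is enabled on each of them.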
Cyber insurance & paperwork
Insurance carriers have gotten serious about what they require for renewal. We help you actually meet the controls they're asking about, and produce the documentation when they come asking.
- Cyber-insurance application & renewal questionnaire support
- NIST CSF-aligned baseline (right-sized for small business — not a 300-page binder)
- HIPAA-adjacent guidance for medical clients (technical safeguards layer)
- Incident-response runbook (so you're not Googling "what do we do" at 2am)
What we don't do
We refer out for:
- Formal SOC 2 / ISO 27001 audits — those go to specialists; we can introduce you
- Full penetration tests (we know good red teams and can introduce you)
- 24/7 SOC monitoring for high-volume threat workloads (most small clients don't need this; if you do, we'll connect you with an MDR partner)
Common questions
Our cyber insurance carrier is asking about EDR / MFA / backups — can you help?
Yes — this is one of the most common reasons clients come to us. We can implement, document, and produce evidence for the controls listed on most renewal questionnaires.
We've never had a breach — do we really need all this?
Most small businesses that get hit have never been hit before; that's the nature of it. The baseline we recommend costs less than most people expect and dramatically reduces both the probability of a breach and its blast radius.
How fast can MFA be rolled out company-wide?
Days to a couple of weeks depending on size and what you're starting from. Most of the time is communication and a brief enrollment window, not technical lift.