1. Identity & MFA
Multi-factor authentication on every account. Conditional access policies. Legacy authentication blocked. Named admin accounts, no shared logins. Number matching to defeat MFA-fatigue. Why MFA is the single biggest lift.
Cyber Security · For Manchester small businesses
Not just a certificate. Real protection — across Microsoft 365, endpoints, email, identity, backups and incident response.
A dedicated cyber security service for UK small businesses (10–50 staff) — built and run by a veteran-founded Manchester MSP that's ISO 27001 certified, Cyber Essentials certified and a Microsoft Solutions Partner for Modern Work. The same tooling on our network as on yours. Plain English. No scaremongering.
24 yearsManchester-based
45+businesses supported
350+users protected
ISO 27001& ISO 9001 certified
4.8 / 24combined reviews
BC
Written and reviewed by
Brett Casterton — Founder & Managing Director, Inology IT. Ex-UK Armed Forces, 24 years running IT and security for Manchester small businesses. ISO 27001 lead. Last reviewed: June 2026.
What we actually do
Seven layers — because one is never enough.
Cyber security isn't a product. It's seven things working together. We deliver all of them as part of our Plus and Complete managed-IT tiers, or as a stand-alone overlay alongside an existing provider.
2. Microsoft 365 hardening
Tenant audit, secure score lift, Defender for Office 365 tuned, sensitivity labels where they earn their keep. Intune for device compliance. Microsoft 365 service →
3. Endpoint, malware & ransomware protection
EDR on every laptop, desktop and server — the modern replacement for traditional antivirus. Microsoft Defender for Business or third-party (SentinelOne, Bitdefender) depending on your needs. Email and DNS filtering layered in front. Alerts triaged by humans — not left noisy in a dashboard nobody reads. Paired with immutable backup so a missed click never becomes a paid ransom.
4. Email security — Email Protect Pro
Link rewriting, attachment sandboxing, impersonation detection, banner warnings on external mail. Phishing simulation and reporting for staff. The bit that catches the email-account-compromise attempts that MFA alone won't stop.
5. Immutable backup
Third-party backup of Microsoft 365 (mail, OneDrive, SharePoint, Teams) and on-prem servers. Immutable storage — ransomware can't encrypt the backup. Quarterly restore tests with documented evidence. Cloud & Backup service →
6. 24/7 SOC tier (optional)
Out-of-hours triage of Microsoft 365 and endpoint alerts by a managed security operations centre. Anomaly detection, threat hunting, monthly incident reports. Sized for SMB — usually £15–£20 per user per month on top of managed IT.
7. Compliance & certification
Cyber Essentials and CE+ delivered in-house. ISO 27001 readiness for the firms that need it. NHS DSPT support for healthcare clients. Cyber insurance questionnaires completed for you. Cyber Essentials service →
If you're mid-incident right now
Call us first — even if you've never worked with us before.
We handle active incidents for businesses we've never met. Ransomware in progress, account compromise, suspected data exfiltration, supplier-chain breach. The first hour matters most: isolate, preserve evidence, communicate. No engagement contract required for the first call.
Response times — 15 minutes in hours (Mon–Fri, 8am–6pm). 60 minutes out-of-hours. Critical-incident escalation included on Plus and Complete tiers.
SecureState™ · Cyber Security category
Measured, not assumed.
Cyber security sits inside the SecureState™ benchmark — identity, endpoint, email, recovery and incident response. We score it for you every 90 days and tell you exactly where you sit against our baseline for businesses your size. No badge theatre — just the numbers.
See how SecureState works
How an engagement works
A predictable shape, every time.
-
01
30-minute review
Brett or Simon, on the phone or video. We ask what you've got, what worries you, what insurance and customers are demanding. No deck.
-
02
SecureState benchmark
Two-week assessment against our 18-point benchmark covering identity, endpoint, email, backup, awareness and recovery. One-page report. Traffic-light score. Honest gaps.
-
03
Remediate, in priority order
We fix the gaps in the order that retires the most risk fastest. Usually MFA, conditional access and backup integrity in the first month — Cyber Essentials and SOC layered on next.
-
04
Keep it live
Ongoing controls baked into your managed IT. Quarterly SecureState re-score. Renewal of CE/CE+ kicked off 60 days ahead. Insurance questionnaires completed on demand.
How it's priced
Sits inside the Plus and Complete tiers of managed IT.
Cyber security isn't a separate bolt-on for most clients — it's the controls that make managed IT actually safe. Identity, MFA, EDR and immutable backup live in the Plus tier (£70/user/month). Email Protect Pro, 24/7 SOC, anomaly detection and ISO 27001 readiness live in the Complete tier (£85/user/month). Stand-alone incident response retainer available for firms with an existing IT provider.
Who this is for
Three Manchester businesses we'd build this for tomorrow.
The accountancy practice
15–40 staff using Sage, Xero, IRIS or CCH. ICAEW or ACCA regulated. Client data is the whole business. Needs MFA, encrypted laptops, immutable M365 backup, and Cyber Essentials Plus for procurement. Accountancy IT support →
The Trafford law firm
20–60 staff on a practice-management system. SRA expectations on confidentiality. PII insurer asking sharper questions every year. Needs identity, conditional access, email journaling and a documented incident response plan. Legal IT support →
The healthcare provider
Care provider, dental group or GP-adjacent service holding NHS data. DSPT submission due 30 June each year. Needs CE+, DSPT alignment, NHSmail and immutable backup. Healthcare IT support →
Common questions
Cyber security — frequently asked.
What's the difference between cyber security and Cyber Essentials?
Cyber Essentials is a UK government certification covering five baseline controls — firewalls, secure configuration, user access, malware protection, patch management. It's the floor. Cyber security is everything else: identity and MFA, email protection, endpoint detection and response, backup integrity, 24/7 monitoring, and incident response. CE proves the baseline. The rest is what stops the breach. See our Cyber Essentials service for the certification side.
Do I need a 24/7 SOC if I'm a 20-person business?
Probably yes — but not the way a bank does. Attacks happen overnight and at weekends because that's when nobody is watching. A small-business SOC tier (around £15–£20 per user per month on top of managed IT) gives you out-of-hours triage of Microsoft 365 and endpoint alerts by humans, not just automated noise. Whether you need it depends on the data you hold and the contractual obligations you carry — we'll tell you honestly during a 30-minute review.
How do you protect against ransomware specifically?
Three layers. (1) Stop it landing: MFA on every account, blocked legacy authentication, email security with link rewriting and impersonation detection, EDR on every endpoint. (2) Stop it spreading: least-privilege admin, segregated backups, conditional access. (3) Recover without paying: immutable third-party backup of Microsoft 365 and servers, quarterly restore tests, a documented incident playbook. The third layer is the one most businesses skip — and the one that decides whether ransomware is a bad week or a bad year.
Will cyber insurance ask for any of this?
Yes. The big six in UK SMB cyber insurance applications are: MFA on all admin and remote access, endpoint detection and response (not just antivirus), immutable or segregated backup, email security with attachment/link inspection, an annual cyber awareness training programme, and a documented incident response plan. We deliver all six as part of the Plus and Complete tiers, and we complete the insurer questionnaires for you.
We already have Microsoft 365 Business Premium — isn't that enough?
Business Premium gives you the right licences — Defender, Intune, Entra ID P1, conditional access — but most tenants we audit have less than 30% of those features actually configured. The licence is the toolbox; what you need is somebody who turns the tools on, tunes them, and watches the alerts. That's what "cyber security" actually means day-to-day.
What happens if we're already mid-incident?
Call 0161 503 3535 first — even before reading this page. We've handled active incidents for businesses we've never worked with before, including ransomware in progress and email account compromise. The first hour matters most: isolate, preserve evidence, communicate. We can be on it inside 15 minutes during business hours and inside 60 minutes out-of-hours. There's no engagement contract required to take the first call.
How does this sit alongside our existing IT provider?
Most clients move both managed IT and cyber security to us together, because they overlap heavily — the same people who manage your accounts also enforce MFA, run patching, configure Defender and watch the backups. We can run as a security overlay alongside an existing IT provider for short-term engagements (CE+ project, incident response retainer, M365 hardening), but for ongoing managed cyber security we genuinely do it better when we own the whole stack.
Are you certified yourselves?
Yes. Inology IT is ISO 9001 and ISO 27001 certified, Cyber Essentials certified, and a Microsoft Solutions Partner for Modern Work. We use the same tooling on our own network that we deploy on yours — MFA, conditional access, Defender for Business, immutable backup, the lot. If we can't run it ourselves, we won't sell it to you.
Ready when you are.
Talk to Brett or Simon. 30 minutes, on the phone or video. No deck, no decision pressure — we'll tell you honestly whether we can help.