- Home
- Cyber Security
Cyber security services for SMEs and schools across Manchester and Oldham
Most cyber security failures start in ordinary places: a Microsoft 365 account without MFA, an old user account, an exposed remote-access rule or a backup nobody has restored.
Remedian helps businesses and schools across Manchester, Oldham and the North West find those gaps, fix them in the right order and keep the basics under control.
See what to checkAsk for a cyber review
01
SMEs are not too small to be attacked
Attackers do not choose targets like a salesperson chooses prospects. A lot of attacks start with scanning, stolen credentials, reused passwords and fake Microsoft 365 sign-in pages.
That makes a 25-person accountancy firm, a small manufacturer or a primary school a realistic target. The attacker is looking for an easy path: a user without MFA, an exposed remote-access service, a firewall rule nobody remembers creating or a backup repository ransomware can reach.
Breaches and attacks by business size
Percentage of UK businesses that identified a cyber breach or attack in the last 12 months, 2025/26.
The useful question is not ‘Are we a target?’
Ask whether an attacker can find an easy path into your email, files, VPN, firewall or backup. That is the level where most SMEs need to look first.
02
What attackers actually do
The attack does not usually start with someone smashing through a firewall. It starts with something smaller and duller.
The breach types businesses reported most often
Percentage of all UK businesses reporting each type of breach or attack in 2025/26.
What stops this: MFA, Conditional Access, user training, alerting for risky sign-ins, mailbox-rule monitoring, patching, proper admin separation and a regular review of access that should no longer exist.
03
The mistakes we keep seeing
Most cyber gaps are not exotic. They are admin gaps. They come from staff changes, rushed projects, old suppliers, untested assumptions and nobody owning the boring checks.
A few users have MFA. Admins are missed. Break-glass accounts are not documented. Older mail protocols are still enabled. This gives everyone false confidence.
The account is disabled in one place, but not everywhere. Entra ID, mailbox delegation, shared mailboxes, VPN access, SaaS apps and local admin rights all need checking.
A backup job marked successful is not the same as a restore. For critical systems, someone needs to prove data can be recovered.
Rules get added during emergencies and never removed. Firmware falls behind. VPN accounts remain active. Logs are ignored until something breaks.
One person knows the firewall password. Another knows the backup product. A third person manages the Microsoft 365 tenant. Nobody has a clear, current record.
Nearly half of UK businesses reported a basic technical cyber security skills gap in 2025. IT has become too broad to manage by memory and goodwill.
Source for the skills-gap figure: GOV.UK Cyber Security Skills in the UK Labour Market 2025.
04
What we check first
A useful cyber review does not start with a product demo. It starts with identity, backups, devices, firewall rules and admin rights. Those are the places where real failures usually live.
For schools, the DfE cyber security standard sits alongside Cyber Essentials. It covers the governance, processes and strategy that a technical certification alone does not cover. Read the DfE cyber security standard.
05
The controls every SME needs
You do not need every cyber product on the market. You need the basic controls working properly, and you need someone to keep checking them.
| Control | First thing to confirm | Evidence we expect to see |
|---|---|---|
| Identity and MFA | MFA covers Microsoft 365, VPN, admin accounts and systems holding business data. | Named Conditional Access policies, admin-role review and a current leavers process. |
| Backup and recovery | Backups are separate from production and cannot be removed with one compromised admin account. | Successful restore records, recovery ownership and a defined test frequency. |
| Patching | Operating systems, browsers, remote-access tools and business apps have a clear update process. | Patch reports, exceptions list and a plan for unsupported systems. |
| Endpoint protection | Every live device is covered, including remote laptops and any servers still in scope. | Coverage report, alert ownership and removal of stale devices. |
| Firewall and remote access | Remote access is MFA-protected, unwanted exposure is removed and firmware is current. | Rule review, VPN-user list, firmware record and named change owner. |
The usual weak point is patch management
In the 2025/26 survey, 34% of businesses had a policy to apply security updates within 14 days. That means patching is often still handled as a background task rather than a defined control.
Source: GOV.UK Cyber Security Breaches Survey 2025/26: education institutions findings, which includes comparative business control data.
06
Cyber Essentials is worth doing, but it is not the finish line
Cyber Essentials is useful because it forces the basics into a checklist. It covers boundary firewalls and internet gateways, secure configuration, user access control, malware protection and security update management.
Why it matters
The NCSC reports that organisations with Cyber Essentials certification are 92% less likely to make a cyber insurance claim than those without it. That does not mean certification makes you untouchable. It means the basic controls are worth doing properly.
It is a clear way to identify old devices, unsupported software, weak configuration and uncontrolled admin access.
The tenant, users, devices, apps and suppliers keep changing after certification. The controls need maintaining between annual assessments.
See how Remedian supports Cyber Essentials certification or read the NCSC Cyber Essentials overview.
07
Penetration testing is not always the first job
Some businesses ask for a penetration test when they still have no MFA, no tested backup and old admin accounts everywhere. That is the wrong order.
You hold sensitive client, financial, legal or pupil data; have public-facing systems; need evidence for a contract; or have made a material change after a migration, merger, site move or provider change.
You need to deal with missing MFA, untested backup recovery, stale accounts, patching gaps or exposed remote access. A testing report is only useful when someone owns the fixes.
A sensible order
- Fix identity, MFA, backups, patching and exposed remote access.
- Agree the scope: external systems, internal systems, web applications, wireless, cloud or a mix.
- Test with agreed limits and no surprise disruption.
- Assign actions, owners and dates before the report gets filed away.
08
Microsoft 365 is where a lot of SME risk now lives
For many organisations, Microsoft 365 is the business. Email, files, Teams, SharePoint, OneDrive, calendars and customer documents all sit there. If an attacker gets into the tenant, they do not need to touch your server.
The checks are specific: Entra ID, Conditional Access, MFA methods, admin roles, risky sign-ins, external sharing, mailbox forwarding, legacy authentication and, where licensing allows it, device compliance through Intune.
The useful question
Do not ask whether you have Microsoft 365 security. Ask who checks it, how often they check it and what evidence exists when something is changed.
09
The risk changes by sector
The controls are similar. The priority changes depending on what your organisation does.
For accountants, solicitors and insolvency practices, the risk is client data, mailbox compromise, invoice fraud and reputational damage. MFA and mailbox monitoring matter because email is where much of the client trust lives.
IT support for accountants · IT support for solicitors · Insolvency IT support
The risk is downtime. If ERP, shared files, production systems or supplier access break, the business feels it immediately. Segment office and production networks where possible, protect production data and limit supplier remote access.
Schools have safeguarding, MIS data, filtering and monitoring, guest networks, BYOD and pupil data to manage. Among schools identifying a breach in 2025/26, phishing affected 90% of primary schools and 96% of secondary schools.
The risk is lack of ownership. Someone knows the firewall password. Someone else knows the backup product. Nobody has the whole picture. A documented baseline and regular review is more useful than another dashboard.
School phishing figure: GOV.UK Cyber Security Breaches Survey 2025/26: education institutions findings.
10
Where to start
Do this in the right order. Buying another product before fixing the basics just gives you more alerts to ignore.
Do not try to fix everything in one week
Set a clear order, assign owners and deal with the paths an attacker can use first. That is how you reduce risk without turning cyber security into a permanent side project for the person who knows the most about IT.
Ask Remedian to check your cyber security basics
If you want a practical view of your current cyber position, send the form. We will start with Microsoft 365 and Entra ID access, backups, old accounts, devices, firewall exposure, monitoring and the gaps that create avoidable risk.
- We will tell you what is already fine and what needs attention.
- We will prioritise the practical fixes rather than lead with another product.
- We can support one-off remediation work or ongoing managed security checks.
- For schools, we can map the work to Cyber Essentials and DfE digital standards.
Or call 0330 66 00 281 and ask for the cyber security team.
12
Cyber security for SMEs: FAQs
References and useful links
- GOV.UK, Cyber Security Breaches Survey 2025/26
- GOV.UK, Cyber Security Breaches Survey 2025/26: education institutions findings
- GOV.UK, Cyber Security Skills in the UK Labour Market 2025
- NCSC, Cyber Essentials overview
- NCSC, A decade of Cyber Essentials
- Department for Education, Cyber security: core standard
- Microsoft Learn, Conditional Access overview
- Remedian, Cyber Essentials
- Remedian, Penetration Testing
- Remedian, Secure Backup
- Remedian, IT Support for Schools
Our Services
Computer Not Working?
We Can Help You Get Back to Work with Expert Computer Repairs Manchester. Contact Us!
Secure Backup
A Secure Backup Solution from Remedian I.T. keeps your personal and business data secure and encrypted; both on and offsite to get your business back up and running with the minimum of downtime.
Broadband & WiFi
In our interconnected world your business needs to be online 24/7. Our managed broadband and WiFi will provide quick, quality connection to get the job done. Speak to our sales team to get connected.
Connection Monitoring
By monitoring your internet connection, we can detect any problems and respond to them before they become major issues, keeping you connected and working towards your goals.
Phone and CCTV Systems
Digital phone systems provide you with premium features and flexible plans that grow with your business, from single handsets to full office installations. Ask us about an HD CCTV system and access control to monitor your premises and keep your offices as secure as your data.
Hardware
Providing best value is what we are all about. When it comes to advice, supply and installation of new hardware we make sure you get the best options for your business. We can even arrange finance to help you spread the cost and manage your budgets.
Remote Support
Our helpdesk team are on hand, from Monday to Friday 8:30am – 5:00pm, to provide free, friendly remote support to make sure you can get your IT back on track in no time.

.png?width=150&height=64&name=output-onlinepngtools%20(2).png)
.png?width=229&height=97&name=output-onlinepngtools%20(2).png)