ESTABLISH UPLINK [BOOK CALL]
// SIGNAL WIRE LIVE THREAT NOTES • PATCH ALERTS • IOC DROPS
// SYSTEM ONLINE
CONSTANT VIGILANCE

Premier Managed MSSP & Cyber Security Consultancy in Cardiff

AGENCY: 313SEC // WALES
STATUS: ACTIVE SURVEILLANCE

313SEC helps small businesses build real cyber resilience without needing an in-house security team. We combine clear guidance, practical protection, and ongoing operational oversight so you always know what matters, what has been done, and what needs to happen next.

⚠ I HAVE BEEN BREACHED
⚠ WARNING: FIREWALL BOUNDARY
SCROLL (OR CLICK) TO BREACH SYSTEM

START HERE

Cyber security made simple for UK SMEs

[ENTRY POINT // CLARITY FIRST]

>> PRIORITY_TRANSMISSIONLIMITED OFFER
The Cyber Sprint
£750 £950
+ £750 credited to your monitoring retainer
If you move into any monitoring retainer, the full £750 is credited against your onboarding or early monthly service costs. A two-week engagement: external exposure review, Cyber Essentials readiness, and a prioritised 90-day plan.

CYBER SECURITY MADE OPERATIONAL FOR SMALL BUSINESS

If you are here, you probably already know cyber security matters. The problem is that most small businesses are not short on tools, jargon or opinions. They are short on clarity, time and someone capable to take ownership.

313SEC exists to close that gap. We help businesses understand what matters, reduce real risk and build security into day-to-day operations without enterprise complexity.

WHY CLIENTS COME TO US
  • They know cyber matters but do not know where to start
  • They have IT support but no real cyber ownership
  • They want practical protection, not more noise
  • They need to answer client, insurer or supplier questions with confidence

WHAT MAKES 313SEC DIFFERENT

01 // CLARITY

WE SHOW YOU WHAT MATTERS

Plain-English guidance, real priorities and a clear view of where your risk actually sits.

02 // ACTION

WE HELP GET IT DONE

Not just reports and recommendations. We help put the right controls, monitoring and response in place.

03 // OWNERSHIP

WE STAY INVOLVED

You always know what has been handled, what still needs attention and what comes next.

HOW TO WORK WITH US

// A SIMPLE WAY TO START, THEN SCALE

PHASE 01

CYBER CLARITY REVIEW

A structured first step for businesses that need to understand their current position before committing to ongoing support.

  • Exposure and posture review
  • Priority risks ranked by business impact
  • Quick wins and practical fixes
  • 30-60-90 day action plan
PHASE 02

ONGOING SECURITY OVERSIGHT

For businesses that need monitoring, guidance and real security ownership without building an internal team.

  • Detection, monitoring and response support
  • Cloud, endpoint and email visibility
  • Remediation guidance and monthly reviews
  • Progress you can actually see
PHASE 03

STRATEGIC SECURITY PARTNERSHIP

For organisations that need more than monitoring and want a long-term partner shaping security decisions.

  • vCISO-style input and roadmap ownership
  • Compliance and assurance support
  • Client questionnaire and board support
  • Incident readiness and resilience planning

WHO THIS IS FOR

BEST FIT

  • Small and growing UK businesses
  • Teams handling sensitive customer, financial or operational data
  • Businesses with IT support but no dedicated security function
  • Organisations under pressure from clients, insurers or suppliers

WHAT YOU GET

  • Clear priorities instead of alert noise
  • Protection that fits how your business actually works
  • A named partner who understands the bigger picture
  • A roadmap that improves security over time

START WITH CLARITY. BUILD FROM THERE.

The best place to begin is usually a Cyber Clarity Review. It gives you a grounded view of where you stand now, what needs attention first and what a sensible next phase looks like.

From there, we can support you with ongoing protection, strategic guidance or a tailored security programme built around your business.

PROCUREMENT

Cyber Essentials, MDR & managed XDR packages

[RESOURCE ALLOCATION // BUDGET AUTHORISATION]

SECURITY PARTNERSHIP. PRICED WITH INTENT.

Built for organisations that want serious protection, clear ownership and a cleaner path forward. Pricing starts at the figures shown and is scoped around environment size, complexity and support requirements.

STARTING POINT

// CLARITY BEFORE COMMITMENT

THE CYBER SPRINT // LIMITED OFFER

A structured first step for businesses that want to understand current exposure, priority risks and what a sensible next phase looks like before moving into a retainer. A focused two-week engagement.

  • Exposure and posture review
  • Priority risks ranked by business impact
  • Quick wins and practical fixes
  • Cyber Essentials readiness check
  • 30-60-90 day action plan

Sign up and the full £750 is credited to any monitoring retainer you choose. The credit can be applied against onboarding or early monthly service costs across Assured Foundations, Active Defence or Strategic Partner.

CLAIM THE SPRINT →
// TWO-WEEK SPRINT
£750
£950
fully credited toward your monitoring retainer
MONTHLY
ANNUAL SAVE 10%
// TIER 1 — FOUNDATIONAL
ASSURED FOUNDATIONS
A premium managed baseline for businesses that need clear ownership and practical protection.
£695
/ month
> From pricing | up to 50 endpoints included
  • Managed endpoint monitoring
  • Email security baseline
  • Quarterly vulnerability scanning
  • Monthly security report and review
  • Cyber Essentials readiness guidance
  • Canary and exposure monitoring
  • Credential / dark web exposure checks
  • Next-business-day advisory response
  • 30-day data retention
  • 24/7 SOC monitoring
  • SOAR-assisted response
  • vCISO support
ESTABLISH
// TIER 2 — ACTIVE
ACTIVE DEFENCE
Always-on monitoring and managed response for businesses that need real operational coverage.
£1,695
/ month
> From pricing | up to 100 endpoints included
  • Everything in Assured Foundations
  • 24/7 SOC monitoring
  • SOAR-assisted response workflows
  • Identity and Microsoft 365 monitoring
  • Threat intelligence integration
  • Monthly vulnerability scanning
  • Detection tuning and refinement
  • Quarterly security review
  • 4-hour triage SLA
  • 90-day data retention
  • Included vCISO support
  • Included penetration testing
DEPLOY
// TIER 3 — STRATEGIC
STRATEGIC SECURITY PARTNER
Active defence plus senior guidance for businesses under higher operational or compliance pressure.
£3,495
/ month
> From pricing | up to 200 endpoints included
  • Everything in Active Defence
  • Dedicated security lead
  • vCISO support (up to 4 hrs / month)
  • Board-ready security reporting
  • Compliance support and roadmap ownership
  • Incident readiness planning
  • Client and supplier security questionnaire support
  • Custom detection engineering
  • 1-hour triage SLA
  • 180-day forensic retention
  • Preferred-rate validation and offensive testing
  • Priority access for strategic projects
ENGAGE

EXTEND YOUR PROTECTION

// AUXILIARY MODULES

INCIDENT RESPONSE RETAINER UPLIFT
From £1,500 / month
Enhanced emergency response coverage with reserved time, faster engagement and structured forensic reporting.
PENETRATION TESTING
From £2,500
External, internal and web application testing with clear remediation guidance and optional re-test.
TABLETOP EXERCISES
From £1,500
Scenario-led incident exercises for leadership and technical teams to improve readiness before a real event.
SECURITY AWARENESS
£3 / user / month
Interactive training with phishing simulations, user reporting workflows and stronger day-to-day security habits.
COMPLIANCE DASHBOARD
£200 / month
Evidence tracking, control visibility and reporting support for Cyber Essentials, ISO 27001 and supplier assurance.
EXTENDED RETENTION
Scoped on request
Longer log and evidence retention for businesses with insurance, contractual or forensic requirements beyond the included period.

FULL FEATURE COMPARISON

CAPABILITYFOUNDATIONSACTIVE DEFENCESTRATEGIC
Managed Endpoint Monitoring
Email Security Baseline
Vulnerability ScanningQuarterlyMonthlyPriority-led programme
Canary / Deception CoverageBaselineExpandedExpanded
24/7 SOC Monitoring
SOAR-Assisted Response
Identity / M365 Monitoring
Threat Intelligence IntegrationExposure ChecksIntegratedIntegrated + Strategic
Detection Tuning
vCISO SupportUp to 4 hrs / month
Compliance SupportCE GuidanceCE + Supplier SupportBroader Assurance Support
Offensive ValidationOptionalOptionalPreferred Rate / Priority Access
Incident Response SLANext Business Day4 Hours1 Hour
Data Retention30 Days90 Days180 Days
Included Endpoints50100200

FREQUENTLY ASKED

// COMMON QUERIES

How is pricing scoped?
The figures shown are starting points. Final pricing depends on endpoint count, identity scope, cloud footprint, retention needs and response expectations.
Minimum contract?
Annual commitments reduce the effective monthly rate by 20 percent and are better suited to longer-term programmes.
How fast is onboarding?
Most environments are onboarded in 5 to 10 working days. More complex estates may take longer if there are multiple sites, tenants or legacy systems involved.
Can I change plans?
Yes. Upgrades can be handled as scope expands. Where the environment becomes simpler, we can review and rebalance the service at the next billing point.
Who is this best for?
Small and growing organisations with real cyber pressure, whether that comes from clients, insurers, suppliers, regulated data or the absence of an internal security team.
What makes 313SEC different?
We focus on practical security ownership, detection engineering and visibility that leads to action. The point is not to drown clients in tooling. The point is to improve security in a way that holds up operationally.

OPERATIONS

Who we are, how we work, and the full service catalogue

[ORIGIN STORY // SERVICE DOSSIER // FULL CLEARANCE]

COMMAND LOG // WHO WE ARE

// ORIGIN STORY — EYES ONLY

SUBJECT: MOHAMMED KHAN ROLE: FOUNDER & CEO

"Hello World! We are 313SEC—a cybersecurity house deeply rooted in Cardiff and wholeheartedly committed to our Welsh community.

Born and raised in Wales, I’ve always believed in the power of local talent. Growing up in one of the most diverse and close-knit areas of Wales, I encountered many different cultures and viewpoints from a young age. It was this exposure that inspired me to think of a different approach to cyber security, one that tries to get in the mind of an adaptable, agile, ever-changing adversary.

Every service we offer—whether it’s advanced threat detection, red teaming, or digital forensics—embodies the spirit of Welsh resilience. We don’t just secure networks; we stand side by side with our clients, forging genuine bonds that reflect the closeness of our own community.

Thank you for supporting a Welsh business built on the values of trust, integrity, and community spirit.
Diolch."

OBJECTIVE: SIMPLIFY & INNOVATE

313SEC was founded as a truly independent boutique company of highly-skilled and certified cybersecurity experts in Cardiff. We believe that security doesn’t have to be complex to be effective.

Practical protection that fits your team and your budget. We monitor, detect and respond to threats, train your staff and help you meet standards like Cyber Essentials and ISO 27001. Our work aligns with the UK’s NCSC guidance, NIST CSF, and the MITRE ATT&CK framework for full transparency and consistency.

THE TACTICAL TRIAD

01 // RECON

OBSERVABILITY

Mapping all assets. Physical and Virtual. Scouring the dark-net for threats.

02 // DEFENCE

MONITORING

XDR solutions. Identifying known and emerging threats via behavioural analytics.

03 // INTEL

ACTIVE MEASURES

Actionable, strategic intelligence gathered from private and trusted sources.

OPERATIONAL CAPABILITIES

// FULL-SPECTRUM MANAGED SECURITY SERVICES

CONCIERGE SECURITY

[LEVEL 1]

Your Concierge Security Team provides tailored advice and guidance, aligning security with your business objectives. We act as your trusted advisors.

  • Governance, Risk, and Compliance (GRC)
  • Cyber Maturity and Risk Assessment
  • Cyber Efficacy Assessment (ROI)
  • Cyber in Mergers and Acquisitions

ACTIVE DEFENCE (MDR)

[LEVEL 2]

Develop greater insight into your security posture with broad visibility, 24x7 monitoring, and advanced threat detection. Catch advanced threats missed by traditional approaches.

  • Digital Forensics and Incident Response (DFIR)
  • SOC Build and SOC Maturity
  • Cyber Security Training & Awareness
  • Vulnerability Management

MANAGED SECURITY

[LEVEL 3]

Comprehensive, end-to-end protection. From reliable backup solutions and secure password management to creating fortified work environments.

  • End-to-end Protection
  • Secure Password Management
  • Backup Solutions

ADVERSARY SIMULATION

[LEVEL 4 - OFFENSIVE]

Face Real-world Threats in a Controlled Simulated Environment. The only way to know your weakness is with a bad actor’s view. We utilize state-actor tactics.

  • Penetration Testing
  • Red Teaming
  • Adversary Emulation
  • Purple Teaming

SERVICE CATALOGUE

// FULL OPERATIONAL CAPABILITIES MANIFEST

SVC-001

CYBERSECURITY HEALTH CHECK

A clear picture of your current posture with practical fixes aligned with NCSC best practice.

  • Review of systems and data handling
  • Identify high-risk gaps
  • Action plan with priorities
  • Optional follow-up audit
SVC-002

MANAGED DETECTION & RESPONSE

24/7 visibility powered by our DE&TH stack, designed in line with MITRE ATT&CK mapping and NIST incident response principles.

  • Endpoint, network & cloud monitoring
  • Threat detection & triage
  • Automated containment playbooks
  • Monthly reports & summaries
SVC-003

THREAT HUNTING & DETECTION ENGINEERING

Proactive hunts and custom rules aligned with MITRE ATT&CK and NIST detection standards.

  • Behavioural & intel-led hunts
  • Custom rules (Sigma, YARA, XDR)
  • MITRE ATT&CK coverage mapping
  • Adversary emulation & validation
SVC-004

INCIDENT RESPONSE & FORENSICS

Fast containment and structured investigation aligned with NIST IR lifecycle.

  • Rapid triage & isolation
  • Root cause & evidence collection
  • Malware & persistence analysis
  • Post-incident report & actions
SVC-005

vCISO

Strategic leadership following NCSC and NIST CSF frameworks.

  • Roadmap & governance
  • Cyber Essentials & ISO 27001 support
  • Risk & supply chain reviews
  • Board reporting & guidance
SVC-006

CYBER AWARENESS & PHISHING SIMULATION

Train staff to spot real-world threats following NCSC user awareness principles.

  • Sector-specific training
  • Realistic phishing tests
  • Awareness assets & briefings
  • Executive & IT sessions
SVC-007

VULNERABILITY & PATCH MONITORING

Stay ahead of exploits and misconfigurations, following NCSC vulnerability management guidelines.

  • External attack surface checks
  • Internal scans & prioritisation
  • Patch tracking & risk scoring
  • Automated alerts & reports
SVC-008

THREAT INTELLIGENCE & DARK WEB MONITORING

See threats that target your sector and brand using intelligence aligned with MITRE ATT&CK and UK NCSC advisories.

  • Credential & domain monitoring
  • Sector threat briefs
  • IOC feeds to live detections
  • OpenCTI & MISP integration
SVC-009

CTI — SECTOR NEWSLETTERS

Tailored intelligence briefings for your industry with current threat trends and practical actions.

  • Monthly sector-specific newsletter
  • Active campaigns, TTPs and top risks
  • Actionable IOCs and mitigations
  • Executive summary with optional briefing call
SVC-010

EMAIL & PHISHING PROTECTION

Secure your mail with modern controls following NCSC SPF/DKIM/DMARC guidance.

  • SPF, DKIM & DMARC setup
  • Phishing detection & sandboxing
  • Secure mail gateway setup
  • Suspicious email analysis
SVC-011

COMPLIANCE & CERTIFICATION SUPPORT

Simplify recognised standards using NCSC and NIST CSF frameworks.

  • Cyber Essentials & CE Plus readiness
  • ISO 27001 implementation guidance
  • Policy templates & evidence packs
  • Audit preparation & validation
SVC-012

CLOUD SECURITY MONITORING

Visibility & control for M365, Azure, Google & AWS.

  • Configuration & access monitoring
  • Anomalous sign-in detection
  • SIEM & XDR integration
  • Monthly remediation advice
SVC-013

PENTESTING & RED TEAMING

Delivered directly by 313SEC’s internal team of specialists.

  • Network, web & app testing
  • Red team with purple-team collaboration
  • Clear findings & remediation
  • Optional re-test
SVC-014

CONTINUOUS CYBER HYGIENE PROGRAMME

A managed bundle for year-round assurance.

  • Quarterly health checks
  • Staff training & phishing tests
  • Patch & vulnerability monitoring
  • Threat intel & monthly updates

OPTIONAL ADD-ONS

  • Secure offsite log retention & forensic archive
  • Cyber insurance support documentation
  • Secure cloud backup & recovery setup
  • NOC & SOC integration with existing MSPs

Need something not listed? We are vendor-agnostic and can integrate with your stack. Ask about custom bundles and sector packs for dental, education and legal.

SIGNAL WIRE

Threat intelligence & MITRE ATT&CK coverage

[SHORT CYBER UPDATES // THREAT NOTES // IOC DROPS]

MICROBLOG

Short operational cyber briefings from 313SEC. Built for quick scanning, simple action, and rapid updates without mixing them into the longer article library.

0 Live signals
0 High priority
0 Signal types
No noise. Just what changed, why it matters, and what to do next. 0 SIGNALS

INTELLIGENCE DOSSIERS

Cyber security research & SME threat briefings

[LONG-FORM GUIDES // EXPLAINERS // FIELD NOTES]

FREE RESOURCES

Cyber security tools, put back in your hands

[OPEN TOOLS // PRACTICAL TEMPLATES // INTERNAL KIT, SHARED]

We believe small businesses should not have to choose between paying for security and understanding it. So we are giving away tools we use internally. Some run right here in your browser with nothing to hand over. A few of our more detailed assets ask for a name, business email and phone number, so we know who is using them and can help if needed. We will never spam you or sell your details.

Free · No details

Incident Story Simulator

It is Monday, 8am, and your systems are locked. What do you do? Walk through a realistic ransomware crisis and watch how your choices change the outcome. The fastest way to understand incident response.

Run the simulation →
Free scan · Details required

External Exposure Scanner

A real scan of how your business looks to an attacker from the outside. Submit your domain and contact details, our team runs the scan, and you receive a written PDF report. No automated guesswork.

Request my scan →
Free · Runs locally

Password Strength Checker

Test how long a password would really survive, and learn why a memorable passphrase beats a complicated password. Runs entirely on your device. Nothing is ever sent anywhere.

Test a password →
Free · Runs locally

Phishing Email Analyser

Got a suspicious email? Paste the text and we will point out the warning signs: urgency tricks, fake senders, dodgy links and pressure tactics. A teaching tool to sharpen your team's instincts.

Analyse an email →
Free · No details

Backup Health Checker

Most businesses think they are backed up. Far fewer have ever tested a restore, or noticed their backup would be encrypted alongside everything else. A quick check against the 3-2-1 rule.

Check my backups →
Free · No details

Leaver's Offboarding Generator

When someone leaves, forgotten access is a serious risk. Generate a tailored offboarding checklist: accounts to disable, devices to recover, passwords to rotate, access to revoke. Print and use.

Build my checklist →
Free · No details

Breach Cost Calculator

What would a serious cyber incident actually cost your business? Estimate the real impact: downtime, lost revenue, recovery and reputation. A number that makes the conversation concrete.

Estimate the cost →
Details required

The Cyber Sprint Platform

The exact internal platform our analysts use to run a full security review. 75 controls with guidance, a findings register and a 30-60-90 day action plan builder. Run your own assessment.

Learn more →
Details required

The 10 Controls Guide

A plain-English guide to the ten security controls that stop the overwhelming majority of attacks on small businesses. What to do, why it matters, and how to check it is done.

Learn more →
Details required

Cyber Essentials Toolkit

Templates and checklists to prepare for Cyber Essentials and Cyber Essentials Plus. Know exactly what the assessor asks, what evidence you need, and where your gaps are before you apply.

Learn more →
Details required

Supplier Security Questionnaire

The questions to ask your IT provider, software vendors and partners about their security. With incoming UK regulation putting supplier risk on you, this protects you from someone else's mistake.

Learn more →

WHY ARE WE GIVING THIS AWAY?

Because a more secure UK business community is good for everyone, including us. Most attacks succeed because of basics that were never put in place, not because of clever hackers. If these tools help even a few businesses close those gaps, that is a win. And if you decide you want a hand, you know where we are. No pressure, no tricks. Just useful things, freely given.

← All Free Resources
Free · No details

Incident Story Simulator

Reading about a cyber incident teaches you facts. Living through one, even a simulated one, teaches you judgement. Make the calls, see the consequences, and find out how ready you really are.

What it is

An interactive, choose-your-own-disaster scenario. A ransomware attack unfolds on your business in stages. At each step you decide what to do, and your choices change what happens next, how much it costs, and how fast you recover. There are no trick questions, just the real decisions a business owner faces under pressure.

How to use it effectively

  1. Play it as yourself. Answer how you honestly think you or your team would react on the day, not how you think you "should". That is where the learning is.
  2. Notice the early decisions. The choices in the first few minutes (do you power off, do you pay, who do you call) shape the entire outcome. Pay attention to why.
  3. Run it with your team. Play it together in a meeting. The discussion it sparks about "what would we actually do?" is worth more than any policy document.
  4. Replay with different choices. Go back and try the paths you avoided. Seeing how a single decision changes the cost makes the lesson stick.

Why it matters

When a real incident hits, people freeze or react on instinct, and instinct is often wrong: powering machines off destroys evidence, paying a ransom funds the next attack and rarely brings data back cleanly. Businesses that have mentally rehearsed the scenario make calmer, better decisions. This simulator is that rehearsal, in ten minutes, for free.

Ransomware Scenario
← All Free Resources
Free scan · Details required

External Exposure Scanner

A real external exposure scan of your business, run by our team. You tell us your domain, we map what an attacker can see from the outside, and you receive a written PDF report. No automated checklist, an actual analyst review.

What it is

Your "attack surface" is everything about your business that is reachable from the internet: your domain, email configuration, exposed services, leaked credentials, certificates and more. Our analysts scan it the same way an attacker performs reconnaissance, then write up what we find and what to do about it. This is the same external review that opens a full Cyber Sprint engagement, offered here at no cost.

How it works

  1. Submit your details below. We need your domain plus a business email and phone number so we can confirm you are authorised to request a scan of that domain, and deliver the report securely.
  2. We run the scan manually. A real analyst reviews your external exposure: email spoofing protection, breached credentials, exposed services, certificate health and more. No black-box automation.
  3. You receive a written PDF report. Plain-English findings, ranked by risk, with clear next steps. Usually within two working days.
  4. No obligation. The report is yours to act on however you like. If you want help fixing what we find, we are here, but there is no pressure to.

Why it matters

Almost every attack begins with reconnaissance: the attacker looking for the easiest way in. Knowing exactly what they can see, before they use it, is one of the highest-value things a business can do. Most businesses have never had this done, and are surprised by what is visible.

Request Exposure Scan

Your details go directly to our scanning team at exposure@313sec.com. We will never sell your details or send spam. We use them only to run and deliver your scan.

← All Free Resources
Free · Runs locally

Password Strength Checker

Find out how long a password would really survive against an attacker, and learn the simple trick that makes passwords both stronger and easier to remember.

What it is

A live strength tester that estimates how long it would take a computer to crack a given password by brute force. It runs entirely on your own device. Nothing you type is sent, stored, or logged anywhere. It also teaches the single most useful password habit: the passphrase.

How to use it effectively

  1. Test the style of password you tend to use. Not necessarily your real one, but something in the same shape, so you learn how strong your habits actually are.
  2. Read the crack-time estimate. "Instantly" or "a few hours" means it is dangerously weak. "Centuries" is what you want.
  3. Try a passphrase instead. Type three or four random words joined together, like "otter-stapler-velvet-canyon". Watch the strength jump while staying easy to remember.
  4. Apply it where it counts. Use unique passphrases for your email and banking above all, and turn on two-factor authentication everywhere it is offered.

Why it matters

Weak and reused passwords are behind a huge share of business breaches. If one site you use is breached and you reused that password, attackers will try it everywhere else, automatically. Strong, unique passphrases plus two-factor authentication close off one of the most common ways businesses get compromised.

Password Strength Checker
Start typing to see the strength.
← All Free Resources
Free · Runs locally

Phishing Email Analyser

Not sure if an email is a scam? Paste it in and learn to spot the tell-tale signs, so you and your team build the instinct to catch the next one yourselves.

What it is

A teaching tool that scans the text of an email for the classic warning signs of phishing: false urgency, requests to "verify" details, generic greetings, unusual payment demands, boss impersonation and hidden links. It explains each flag so the lesson sticks. It checks text only and runs entirely in your browser.

How to use it effectively

  1. Paste the full email text. Include the greeting and any links as written. The more it has to read, the better it can flag.
  2. Read each warning explained. Do not just look at the verdict. Understanding why something is suspicious is what trains your judgement.
  3. Use it with your team. Run a few real examples in a team meeting. It is one of the fastest ways to raise everyone's guard.
  4. When in doubt, verify separately. If an email asks for money or details, confirm by phoning the sender on a number you already trust, never one from the email.

Why it matters

Phishing is the single most common way attacks begin. Most ransomware, most fraud and most account takeovers start with one convincing email and one rushed click. Technology helps, but a team that can recognise the signs is the strongest filter you have. This tool builds that instinct.

Phishing Email Analyser
← All Free Resources
Free · No details

Backup Health Checker

A backup you have never tested is just a hope. This quick check reveals the gaps that turn "we are backed up" into "we lost everything" when ransomware hits.

What it is

A short, honest questionnaire built around the 3-2-1 rule: three copies of your data, on two different types of media, with one kept off-site and offline. It scores your real backup resilience and highlights the single most common fatal flaw: backups that are always connected, and so get encrypted right alongside everything else.

How to use it effectively

  1. Answer for what is actually true today. Not what is planned or what the contract says. The value is in surfacing the gap between assumption and reality.
  2. Pay attention to the restore question. Having a backup and having a tested restore are very different things. Most businesses have never done a real restore test.
  3. Check the offline copy. If every copy of your data is reachable from your network, ransomware can reach it too. An offline or immutable copy is what saves you.
  4. Fix the red items first. The checker ranks your gaps. Start with anything that would leave you with no clean copy to recover from.

Why it matters

When ransomware succeeds, your backup is the difference between a bad week and the end of the business. Yet backups fail silently all the time: never tested, always connected, or missing the systems that matter most. Five minutes here can reveal a gap that would otherwise only show up on the worst day of your business life.

Backup Health Checker
← All Free Resources
Free · No details

Leaver's Offboarding Generator

The day someone leaves is the day forgotten access becomes a real risk. Generate a tailored offboarding checklist so nothing, and no one, gets left with the keys.

What it is

A generator that builds a complete, tailored leaver's checklist based on what the person had access to. It covers disabling accounts, recovering devices, rotating shared passwords, revoking building and remote access, reclaiming company data, and the often-forgotten items like cloud admin rights and third-party logins. Print it and work through it on the day.

How to use it effectively

  1. Tick what applied to the leaver. Email, admin rights, shared accounts, a company device, building access. The checklist adapts to what they actually had.
  2. Act fast, especially for unhappy departures. Disable access on or before the last day. The highest-risk window is right after someone leaves on bad terms.
  3. Do not forget the shared secrets. If the leaver knew shared passwords or Wi-Fi keys, rotate them. Disabling their account is not enough on its own.
  4. Keep the completed checklist. A signed, dated record shows due diligence if anything is ever questioned, and proves access was properly removed.

Why it matters

Ex-staff with lingering access are a quiet but serious threat, whether through malice or simple oversight. Dormant accounts are also a favourite target for attackers because nobody is watching them. A consistent offboarding process closes that gap every single time, and almost no small business has one written down.

Offboarding Checklist Generator
← All Free Resources
Free · No details

Breach Cost Calculator

Cyber risk feels abstract until you put a number on it. This calculator turns "it probably won't happen to us" into a figure you can actually plan around.

What it is

A simple estimator that adds up the real costs of a serious cyber incident for a business your size: lost revenue while you are down, staff time wasted, the cost of recovery and forensics, breach notification, and the harder-to-measure hit to reputation and customer trust.

How to use it effectively

  1. Enter your real numbers. Staff count, a rough daily revenue figure, and how many customer records you hold. Honest inputs give a useful estimate.
  2. Be realistic about downtime. Most serious incidents cause several days of disruption, sometimes weeks. Try 5 days as a starting point, then see how the cost climbs.
  3. Compare it to prevention. Put the result next to the cost of getting protected. The gap is usually stark, and that is the point.
  4. Use it in the boardroom. This is the number that turns a security conversation from "nice to have" into "obvious decision".

Why it matters

Businesses routinely underinvest in security because the cost of an incident is invisible until it happens. Seeing the likely figure, itemised, changes the conversation. For most small businesses, prevention costs a fraction of a single serious incident. This tool makes that trade-off concrete.

Breach Cost Calculator
← All Free Resources
Details required

The Cyber Sprint Platform

The actual platform our analysts use to run a full security review, given to you free. Run the same structured assessment on your own business, at your own pace.

What it is

A self-contained tool that guides you through a complete review of your security posture: 75 checks across nine areas, each with plain-English guidance explaining what good looks like. It records your findings, lets you rate severity, and builds a prioritised 30-60-90 day action plan you can export. It is the engine behind our paid Cyber Sprint, handed over for you to run yourself.

How to use it effectively

  1. Download and open it. It is a single file that runs in any web browser. No installation, no account, and your answers are saved on your own device.
  2. Work through one section at a time. Do not try to do all nine in one sitting. A section a day keeps it manageable and more accurate.
  3. Be honest in your answers. The value is in finding gaps, not scoring well. Read the analyst guidance under each item if you are unsure.
  4. Export your action plan. When you finish, export the findings and the 30-60-90 plan. That becomes your roadmap, whether you action it yourself or bring in help.

Why it matters

Most businesses have never had a structured look at their own security. They have a vague sense of "we should probably do more" but no map of what needs doing. This platform gives you that map, the same one a paid engagement would produce. Knowing where you stand is the first and most important step.

Download the Platform

Enter your details once to unlock the download.

🔒 A single HTML file. Runs offline, saves locally.
← All Free Resources
Details required

The 10 Controls Guide

If you only ever do ten things about cyber security, do these. A plain-English guide to the controls that stop the overwhelming majority of attacks on small businesses.

What it is

A concise, jargon-free PDF covering the ten security controls that deliver the most protection for the least effort: multi-factor authentication, regular tested backups, keeping software updated, controlling admin access, and more. For each one it explains what it is, why it matters, and how to check it is actually in place.

How to use it effectively

  1. Read it once, end to end. It is short by design. You will recognise some controls and learn why others matter.
  2. Score yourself honestly against each. Mark every control as done, partly done, or not done. Be truthful, that is where the value is.
  3. Start with the "not done" items. These are your biggest gaps and usually your quickest wins. Many cost nothing but a little time.
  4. Share it with whoever runs your IT. Use it as a shared checklist so everyone agrees on what is in place and what is not.

Why it matters

Cyber attacks on small businesses very rarely involve genius hackers. They almost always exploit a basic control that was missing: no MFA, an unpatched system, a backup that was never tested. Get these ten right and you remove the easy routes in that most attacks rely on. It is the highest-value document we give away.

Get the Guide

Enter your details once and we will email it straight over.

Sent to your business email. No spam, ever.
← All Free Resources
Details required

Cyber Essentials Toolkit

Everything you need to walk into Cyber Essentials certification knowing exactly what you will be asked and whether you are ready, before you spend a penny on assessment.

What it is

A set of templates and checklists covering both Cyber Essentials and Cyber Essentials Plus. It mirrors what the official assessment asks, broken into plain language, with space to record your evidence and flag your gaps. Think of it as a dry run you control, so the real assessment holds no surprises.

How to use it effectively

  1. Run the self-assessment checklist first. Go through every question honestly. It maps closely to what the certifying body will ask.
  2. Note every gap. Anywhere you cannot answer "yes" is something to fix before you formally apply. Fixing gaps first saves a failed assessment fee.
  3. Gather your evidence as you go. Use the templates to record settings, policies and screenshots. Assessors want proof, not promises.
  4. Apply when the checklist is clean. Once everything reads "yes" with evidence attached, you are ready to certify with confidence.

Why it matters

Cyber Essentials is increasingly required to win contracts, especially with government and larger firms. It also genuinely reduces your risk. But going in unprepared wastes money on failed assessments and time on rework. This toolkit gets you certification-ready efficiently, and the controls it covers protect you whether or not you certify.

Get the Toolkit

Enter your details once and we will email it straight over.

Sent to your business email. No spam, ever.
← All Free Resources
Details required

Supplier Security Questionnaire

Your security is only as strong as the suppliers who can reach your systems and data. These are the questions that reveal whether they are protecting you, or quietly putting you at risk.

What it is

A ready-made questionnaire you can send to your IT provider, software vendors, and any partner who handles your data or connects to your systems. It asks the right questions in clear language, covering their security practices, certifications, breach history, and what happens to your data if things go wrong.

How to use it effectively

  1. Start with your most critical suppliers. Whoever holds your data or has access to your systems comes first. Your IT provider is usually top of the list.
  2. Send it as a normal part of doing business. Good suppliers expect these questions and answer happily. Reluctance to answer is itself an answer.
  3. Look for evidence, not reassurance. "Yes we are secure" means little. Certifications, named policies and clear processes mean a lot.
  4. Follow up on the gaps. If a key supplier falls short, raise it. Their weakness becomes your breach. You are allowed to expect better.

Why it matters

Some of the biggest breaches in recent years came in through a supplier, not the target directly. Incoming UK regulation increasingly holds you responsible for the security of your supply chain. Asking these questions protects your business from someone else's mistake, and shows regulators and customers that you take it seriously.

Get the Questionnaire

Enter your details once and we will email it straight over.

Sent to your business email. No spam, ever.

Get the tool

A few details so we know who is using it and can help if needed.

Please provide your name, a valid business email, and a phone number.

We will never sell your details or send spam. We may follow up once to check the tool was useful. That is it.

CASE FILES

Real-world managed security outcomes

[DECLASSIFIED ENGAGEMENT RECORDS // CLIENT OUTCOMES]

Real-world engagements. Real results. Each case file documents how 313SEC deployed enterprise-grade security for organisations that needed serious protection without the overhead.

>> READY TO BECOME THE NEXT SUCCESS STORY?

SECURE UPLINK

Get in touch with our cyber security team

[ENCRYPTED CHANNEL]