Home  /  Security

Solutions

Cyber security that's already running before anything goes wrong.

Most small businesses treat security reactively. Something goes wrong, they deal with it. The problem with that approach is that by the time you know something has gone wrong, the damage is already done.

Security

We take a different approach. Every Network Fish managed support client gets a full security stack deployed and managed as part of their contract. Not an optional add-on. Not a separate quote. Included.

Here is what that looks like in practice.

Antivirus

Managed antivirus deployed to every Windows and Mac device in your business, monitored centrally. Not installed and forgotten. If protection lapses on any device, or an update fails, we know about it and fix it before it becomes a problem. One unprotected machine is all it takes.

Advanced threat detection (EDR: Endpoint Detection and Response)

Your antivirus catches threats it already recognises. But what about an attack it has never seen before?

We also run software that watches how every device is behaving, around the clock. If something starts acting suspiciously, even if it looks like a legitimate programme, the software spots it, contains it, and responds automatically — before anyone needs to pick up the phone. It works across Windows, Mac, and Linux.

Web-level threat blocking (DNS Filtering)

Before your team’s browser even connects to a dangerous website, we block the connection at the network level.

Malicious links in phishing emails, fake login pages, malware download sites: all stopped before they load, whether your team is in the office, at home, or travelling. It does not require your staff to know what to avoid. It stops the connection happening in the first place.

Two-step login, enforced for everyone (MFA: Multi-Factor Authentication)

A password on its own is not enough. We make sure every account in your business — email, cloud apps, VPN, and any other business system — requires a second verification step before anyone can log in. Usually a code sent to a phone or generated by an app.

Even if an attacker has someone’s password, they cannot get in without that second step. It is the single most effective security control available to a small business. We make sure it is switched on across your whole business and stays that way.

Device hardening

Out-of-the-box device settings are not secure. We apply a recognised security baseline to every device in your business: disabling services that do not need to be running, restricting who can make changes to the machine, enforcing strong login policies, and controlling what can be plugged in via USB. This is done at the start and reviewed regularly, and it maps directly to the Cyber Essentials technical requirements.

Automatic software updates

Outdated software is the most common way attackers get in. We deploy operating system and application updates automatically, on a tested schedule, across every device. Critical security patches are fast-tracked. You never need to think about it, and nothing is left running on an old version.

Vulnerability scanning

We run continuous scans of your network and devices to find security weaknesses before an attacker does. Think of it as a constant health check: looking for unpatched software, misconfigured settings, exposed ports, and known risks across your entire estate.

When something is found, it is raised as a ticket in our helpdesk and resolved. Every quarter we give you a written report of what was found and what was done about it.

Cyber Essentials

Cyber Essentials is a UK government-backed security standard that tests five core areas: firewalls, secure device configuration, user access controls, malware protection, and software patching. Passing the assessment gives you a certificate that lasts 12 months.

It is increasingly required by insurers and by larger organisations before they will work with a supplier. For businesses tendering for UK government contracts, it is mandatory.

We hold Cyber Essentials certification ourselves. For managed support clients, the gap analysis, remediation guidance, and support through the certification process are included in your contract. The only additional cost is the certifying body fee, currently around £300, paid directly to them.

Cyber Essentials Plus (an independently audited, higher level of certification) and CREST-certified penetration testing are available as additional services.

In plain English

Attackers do not target businesses because they are interesting. They target them because they are easy. A business without managed antivirus, without two-step login, without automatic patching, is an easy target.

With Network Fish, every device in your business is monitored, protected, updated, and hardened. All day. All night. For one monthly fee.

One monthly fee. One number to call.

The day-to-day risk of keeping your business secure becomes our job, not yours.

Book your free site survey   or call +44 (0) 207 403 4031

Frequently asked questions

What security measures does Network Fish include as standard?

Every Network Fish managed support client receives a full, layered security stack as standard: managed antivirus, advanced threat detection (EDR), web-level threat blocking (DNS filtering), multi-factor authentication enforced across every account, device hardening, automatic patch management, and continuous vulnerability scanning. None of this is an optional add-on — it's included in your monthly fee.

What is the difference between antivirus and EDR?

Antivirus catches threats it already recognises by matching files against a database of known malicious signatures. EDR (Endpoint Detection and Response) goes further, watching how devices behave and catching suspicious activity even when it doesn't match a known threat. We deploy both together — see our Antivirus & Security page for more detail.

Why do you enforce MFA on every account with no exceptions?

A compromised account doesn't stay contained to one part of a business — it can be used to attack clients, suppliers, or other systems regardless of how sensitive that particular account first appeared. Multi-factor authentication remains the single most effective control against account takeover, and it's already included in most Microsoft 365 and Google Workspace licences. See our MFA vs 2FA page for our full position.

What is DNS filtering and how does it fit into your security stack?

DNS filtering blocks connections to known malicious websites before they load, stopping phishing links and malware sites whether they arrive by email, text, or any other route. For Windows devices, this protection follows you off the office network too. See our DNS Security page for the full detail, including platform coverage.

Does your security stack protect against phishing specifically?

Yes, through several layers working together: email filtering catches most phishing before it reaches the inbox, DNS filtering blocks malicious links that get through, MFA limits the damage if a password is compromised, and security awareness training helps your team recognise what technology alone can't catch. See our Email Defence Services and Cybersecurity Awareness Training pages.

What is vulnerability scanning and how often does it run?

Vulnerability scanning is a continuous, automated check across your network and devices for unpatched software, misconfigured settings, and exposed ports — run regularly rather than as a one-off annual review. Issues are raised as helpdesk tickets and resolved, with a written report provided quarterly.

Does this security stack help with Cyber Essentials certification?

Yes. The controls described here — malware protection, secure configuration, access control, and patch management — map directly onto the five technical controls assessed under Cyber Essentials. For managed support clients, the gap analysis and support through certification is included at no extra charge beyond the certifying body fee.

Is this security stack suitable for a small business, or is it built for larger companies?

It's built specifically for SMEs. Every control described here is something we manage and monitor centrally, so you get enterprise-grade protection without needing an in-house security team or specialist knowledge. It's included in your managed support contract regardless of business size.