Securing Sydney businesses since 2002

Cyber Security Services for Small Business

Essential Eight aligned managed security, with clear inclusions and optional compliance uplift

Sydney and Western Sydney

Managed cyber security programs for businesses with 10 to 200 seats.

Establish a baseline and prioritise your security uplift. Maintain Essential Eight controls with reporting that makes sense to managers.

Book a consult Request a baseline assessment

Download Essential Eight baseline checklist (PDF)

Expected outcomes

A clear starting point and prioritised roadmap.
Controls maintained as your systems change.
Simple reporting for business owners and boards.
Optional uplift modules to improve specific outcomes.

The security stack

We use industry-leading tools to protect your environment.

Endpoint & Email

SentinelOne and Check Point Harmony.

Identity & Access

Duo MFA, Keeper, and ThreatLocker.

Data Protection

Cove Backup and DNSFilter protection.

Governance

Essential Eight alignment and risk reporting.

Expert guidance Our team manages the technical complexity so you can focus on your business.

Key facts

What to expect

Clear scope, commercial terms, and how we deliver Essential Eight aligned outcomes.

Coverage and engagement

Area served Sydney and Western Sydney, with NSW coverage
Client fit Typically 10 to 200 seats
Minimum seats 10
Term Typical contract term 12 months

Security scope

Standards Essential Eight aligned delivery and reporting
Plans Core $89, Growth $99, Enhanced $149 per seat per month, ex GST
Included Security foundations included in every plan
Uplift modules FortiGate, Backup and DR, Microsoft 365 backup, ThreatLocker, Duo, Managed DMARC

Prices shown are per seat per month, ex GST. Availability and final scope are confirmed during onboarding.

Why a Structured Program Matters

Small businesses often struggle with inconsistent security. A project might fix one issue but leave others open. Our managed approach ensures every gap is addressed over time.

This structure provides a roadmap that grows with your business. It allows you to invest your budget where it helps most.

We use the Essential Eight, published by the Australian Cyber Security Centre, as a practical baseline for risk reduction. It provides a clear path to strengthen resilience over time.

It also simplifies the process for your internal staff. Our team handles the technical burden so you can focus on operations.

Industry Standard

Essential Eight Framework

We use the Essential Eight, published by the Australian Cyber Security Centre, as a practical baseline for risk reduction. It provides a clear path to strengthen resilience over time.

Our team manages the technical complexity of these eight strategies. We focus on practical implementation for firms with 10 to 200 staff. This approach ensures your security grows with your business needs.

Patching

Update software quickly to fix known vulnerabilities.

MFA

Protect identities with multi-factor authentication.

Backups

Maintain offline copies of your critical business data.

Admin Rights

Restrict privileged access to prevent unauthorised changes.

What it is

It is a set of strategies to prevent unauthorised access. The framework focuses on patching, backups, and protecting user identities.

What it is not

It is not a guarantee against every incident. Controls require constant verification as new threats emerge in Australia.

We focus on measurable uplift and ongoing assurance for your peace of mind.

Our Methodology

Delivery and Assessment Approach

Our delivery model provides a clear starting point for your security journey. We focus on creating a prioritised roadmap that addresses your most critical risks first. This structured approach ensures your investment delivers the best possible protection. We provide transparent reporting to support your business decisions and demonstrate progress.

What you receive

Baseline maturity summary with clear priorities.
Prioritised uplift roadmap mapped to Essential Eight.
Monthly progress reporting for clients on an uplift path.
Executive risk summaries for business owners and boards.
Basic incident response documentation and contact lists.

Request the baseline assessment

How it works

Scope: Confirm critical systems and business constraints.

Assess: Measure maturity against Essential Eight to find gaps.

Plan: Build a phased roadmap with sensible sequencing.

Execute: Implement uplift through managed services and modules.

Maintain: Report progress and keep controls effective daily.

Service Alignment

Strategic Security Alignment

We align our services with the Essential Eight to provide measurable protection. This mapping shows how our managed plans and uplift modules address specific risks. We ensure each technical control is maintained and reported on consistently. This transparency allows your management team to track security maturity with confidence. Our team handles the implementation, so you can focus on growing your business.

Strategy	What it reduces	Our Delivery	Service Level
Application control	Unauthorised software execution	ThreatLocker policy & allowlisting	Uplift Module
Patch applications	Known app vulnerabilities	Managed patching & verification	Included
Office macros	Phishing payload execution	M365 security policy controls	Included
App hardening	Browser-borne attacks	Baseline configuration management	Included
Restrict Admin	Privilege abuse & movement	Access reviews & governance	Included
Patch OS	OS vulnerabilities	Managed OS patching & monitoring	Included
MFA	Account takeover	Duo rollout & management	Uplift Module
Regular backups	Ransomware & data loss	Cove backup & automated testing	Uplift Module

Application control

We manage ThreatLocker to restrict unauthorised software. This reduces malware paths and execution risks.

Patch applications

We manage and verify application patching. This reduces exposure to known vulnerabilities in your business software.

Office macros

We implement M365 controls to block macro-based attacks. This improves baseline security for all staff.

User app hardening

We manage configuration settings to protect browsers and documents. This ensures controls stay active after updates.

Restrict Admin

We review and limit administrative access. This prevents lateral movement if an account is compromised.

Patch OS

We handle OS patching and monitoring consistently. This ensures critical security updates are applied to every system.

MFA

We deploy Duo MFA to stop account takeovers. This secures access to your most critical business data.

Regular backups

We manage Cove offsite backups with automated testing. This provides confidence in your ability to recover data.

Our managed security programs ensure these essential controls remain active as your business grows.

Transparent Pricing

Managed Security Service Plans

We provide clear security foundations in every plan. Our structured approach ensures you only add uplift modules where they improve your specific risk profile. This transparency allows you to invest your budget where it helps most. We manage the technical burden so your staff can focus on daily operations. Every plan includes consistent reporting to keep your management team informed of progress.

Included security foundations

★ Managed software and security updates for all endpoints.
★ Monitoring and alerting for critical infrastructure.
★ Backup monitoring and daily exception management.
★ Microsoft 365 administration and security configuration.
★ Executive reporting for visibility and accountability.
★ Endpoint protection managed within your environment.

Your assessment confirms what is in place and what requires uplift.

What this means day to day

✓

Start with a baseline and follow a prioritised roadmap.

✓

Maintain controls automatically as systems change.

✓

Triage alerts with a professional escalation path.

✓

Receive consistent reporting and review cadence.

✓

Add optional modules only where they improve risk.

✓

Benefit from ongoing verification of your security.

Service Item	Core	Growth	Enhanced
Monthly per seat	$89 ex GST	$99 ex GST	$149 ex GST
Support hours	Business hours	Business hours	24/7 included
Security foundations	✔	✔	✔
Compliance reporting	Optional	✔ Included	✔ Included

Minimum 10 seats apply. All prices are ex-GST. Typical contract term is 12 months.

Strategic Add-ons

Optional Compliance Uplift Modules

Targeted modules are added only where they materially reduce risk. These solutions improve your maturity outcomes without unnecessary complexity. We ensure each technical control aligns with your broader business goals.

Managed Fortigate Firewall

Managed perimeter control with business-grade protection and ongoing support.

Annual subscription costs included.
Device updates and ongoing support.
Next business day replacement.
Change support and configuration.

Pricing: 50G $100/mo, 70G $150/mo, 90G $220/mo.

Discuss Fortigate

Cloud Backup & Recovery

Offsite backup with monitoring and automated testing for reliable recovery.

Offsite backup with deduplication.
Three years data retention.
Monthly automated testing reports.
Proactive monitoring and support.

Pricing: $149/mo per server. $1495 setup. 500GB included.

Discuss Backup

Backup & Disaster Recovery

Cold standby cloud servers for rapid deployment after a major failure.

Includes Cloud Backup features.
Cold standby servers ready for use.
Recovery without capital spend.

Pricing: $229/mo per server. $1995 setup. 500GB included.

Discuss DR Options

Managed Microsoft 365 Backup

Independent backup of your cloud data with Australian data residency.

Exchange, OneDrive, Teams support.
Seven years data retention.
Backups run every four hours.
Secure data held in Australia.

Pricing: $8.95 per mailbox per month.

Discuss M365 Backup

Email Protection (Sendmarc)

Protect your domain from spoofing and improve email deliverability.

DMARC policy and monitoring.
SPF and DKIM alignment support.
Ongoing domain protection reports.

Pricing: 30 users $112/mo. $1100 setup fee.

Discuss Email Security

Duo MFA Management

Reduce account takeover risk with managed multi-factor authentication.

MFA rollout and policy settings.
Ongoing change and user support.
Practical user adoption guidance.

Pricing: Custom quote based on user count and scope.

Discuss Duo MFA

Our Process

How we deliver ongoing assurance

Clear delivery steps and expectations, designed for business owners and managers. We provide a structured path from initial setup to long-term security management.

Professional Onboarding

We confirm scope and establish your standard operating environment. This sets your baseline monitoring, patching, and security controls.

Monitoring & Alerting

We monitor endpoints and critical infrastructure 24/7. Our team triages alerts and escalates issues based on their business impact.

Patching & Updates

We manage critical software and security updates across all systems. Managed changes ensure consistency without causing unnecessary business disruption.

Vulnerability Management

We perform regular scanning and provide clear remediation priorities. Necessary uplifts are scheduled directly into your long-term security roadmap.

Reporting & Reviews

Receive structured reporting to track improvements and future plans. We provide the transparency needed for informed management decision-making.

Incident Response

Enhanced plans include 24/7 coverage. We coordinate with insurers and vendors during incidents to ensure a rapid recovery.

Our delivery framework supports Sydney businesses from 10 to 200 seats with consistent IT excellence.

Client Trust

Proof and Performance

Service performance and client feedback presented in a straightforward format. Google reviews displayed on this page are verified by Trustindex.

Responded within 1 hour

95%

Service desk cases responded to within 1 hour.

Resolved within 1 hour

98%

Service desk cases resolved within 1 hour.

Securing Sydney

Since 2002

Securing Sydney businesses since 2002.

"They are absolutely fantastic — they manage all our computer and IT needs."

Fallsdell Machinery — Google Review

"Super helpful and friendly. Reliable and proactive during our phone system update."

Victoria Franco Fernandez — Google Review

"Within 25 minutes of logging a job it was fixed and I was working again."

Jan Shaw — Google Review

Support & Guidance

Frequently Asked Questions

Clear answers for business owners regarding our security delivery. We ensure technical concepts are translated into practical business outcomes.

+ What is included in managed cyber security?

We include security foundations such as updates, monitoring, and operational controls. Higher assurance is available through Enhanced plans or specific uplift modules.

+ What is an Essential Eight assessment?

This structured review establishes your current state and identifies security gaps. It results in a prioritised roadmap for your business maturity.

+ Do you guarantee compliance?

No. We focus on measurable uplift and ongoing maintenance of controls. Success depends on scope and the specific maturity targets agreed in your roadmap.

+ How long does security uplift take?

Most businesses start with a 90-day plan for critical risks. Full staged uplift typically continues over 6 to 12 months.

+ What are optional uplift modules?

Uplift modules add targeted controls to your managed plan. These are selected only where they materially reduce risk for your environment.

+ Can you work with our existing tools?

Usually, yes. We confirm your existing setup during onboarding. We then decide what to retain or improve based on your goals.

+ Do you provide 24/7 incident response?

Enhanced plans include full 24/7 coverage. Core and Growth clients can add this as a supplemental service.

+ What does monthly reporting include?

Reports provide visibility on service performance and security progress. They are designed for owners and managers to make informed decisions.

+ Do you back up Microsoft 365?

Yes. We provide independent backup with retention and recovery controls. This data is kept separate from standard Microsoft platform retention.

+ Do you help with email spoofing?

Yes. We offer Managed DMARC using Sendmarc to reduce spoofing risk. This improves your domain protection and email deliverability.

Essential Eight resources

Plain-English guidance and next steps

Use these pages to understand the framework, establish your baseline, and plan staged uplift.

Essential Eight overview Essential Eight assessment Essential Eight uplift program

Supporting pages

Cyber security topics

Short, practical pages that explain what is included, what is optional, and how each layer supports risk reduction.

View pricing Book a consult

Endpoint protection

EDR, policy hardening, monitoring and reporting.

Email security

Anti-phishing controls plus spoofing reduction options.

Incident response

Triage, containment, recovery and post-incident uplift.

SMB1001 readiness

A structured path beyond Essential Eight foundations.

Managed FortiGate

Firewall monitoring, updates and change control.

Backup and recovery

Restore readiness, monitoring and DR options.

Uplift modules

ThreatLocker

Application control, allowlisting and change approvals.

Managed DMARC

Sendmarc-managed DMARC to reduce spoofing risk.

Duo MFA

Stronger sign-in protection with rollout and support.

Microsoft 365 Backup

Independent backup for Exchange, OneDrive, SharePoint and Teams.

Take the Next Step

Talk to Milnsbridge About Your Security Baseline

You do not need technical expertise to start protecting your business. We confirm your scope and establish a clear baseline for your operations. Our team explains every uplift path in plain language.