Scaling IT Security for Growing Businesses: From Essentials to Advanced Protection

Introduction

In articles 1 and 2 of our IT Ops for Growing Businesses series, we covered "Building Scalable IT Foundations for Pre-Start-ups: What You Need Before You Launch" and "Scaling Your IT: What Growing Businesses Need Beyond the Essentials".

 

Now we’re looking at businesses whose staff numbers have grown from a team of 5 to 30 employees to around the 100 mark.

 

At this point you should be confident in your:

  1. Essentials: devices, banking systems, domains, websites, emails, password managers, and productivity suites.
  2. Model and tools for consistency, security, and scalability: Backup & restore, Telephony & Communication, Email Signatures & Brand Consistency, Device Management, and Asset Management.

Brand consistency will always be a challenge, but with your procedures, emails and other tools in place it should be a fairly easy one to manage. What we’ll be focusing on here is the additional security risk.

 

Where are these additional security risks coming from, you ask?

 

Ironically, from what you’ve been growing: your brand reputation and staff numbers. Reputation attracts the good, the bad, and the ugly. The bad and the ugly will identify poorly secured infrastructure and target your staff.

 

On 1st September 2025, Jaguar Land Rover (JLR) detected a network intrusion overnight and proactively shut down many internal systems to contain the attack. On 30th September, JLR stated production would resume in the coming days, backed by a UK government £1.5–£2 billion loan guarantee to stabilize the supplier network. Full recovery and a return to normal production were expected to take additional weeks, with certain systems not fully restored until later in Q4 2025. Attackers used vulnerabilities in a core server software stack, compromising production systems and halting manufacturing globally. The incident stemmed from poor system patching and server exposure.

 

This is an example of a cyberattack penetrating poor infrastructure; however, the common denominator in security breaches is targeted end users:

Of businesses or charities that experienced a breach or attack in the last 12 months, phishing attacks remain the most prevalent and disruptive type of breach or attack (experienced by 85% of businesses and 86% of charities). The qualitative interviews highlighted that phishing attacks were often cited as time-consuming to address due to their volume and the need for investigation and staff training. The qualitative interviews also found that organisations had a growing consciousness that increasingly sophisticated methods, such as AI impersonation, were becoming mainstream.

 

– Sourced from Gov UK

Remember the disruption to Marks & Spencer’s services in early 2025. Sophisticated phishing and social engineering enabled attackers to gain access to M&S’s Managed IT Support Provider and cause disruption to multiple businesses and consumers. M&S reported a £324m loss in sales, though it managed to recover £100m through an insurance payout.

 

These are just two examples demonstrating how cyberattacks can target both infrastructure and staff.

 

So, we have mentioned items that enhance security in the business environment, such as device operating systems, domains, websites, emails, password managers, device management, and asset management. We’ve also mentioned Backup & Restore, which could help after a breach… So what else can we do?

1. Enhanced Policies

One of the easiest ways to enhance security is to review and make use of policies. This could be through your staff contracts and handbooks, but policies are more efficiently enforced using the Microsoft 365 and Google Workspace Admin consoles.

2. Virtual Private Network (VPN)

Hybrid working is more common than ever and, frankly, in our opinion a positive progression in workplace culture. It does, however, create risk. With more people using the business’ systems every day from anywhere, it isn’t practical to stop them using certain networks (Wi-Fi, for example), and it is more difficult to identify and isolate a breach. Businesses should therefore consider a VPN for their staff.

Benefits of a VPN:

  • Privacy: It hides what they’re doing online, so no one (like hackers or even their internet provider) can peek at their activity.
  • Security: It protects sensitive information, like passwords or bank details, especially when using public Wi-Fi in places like coffee shops or airports.
  • Access: Business online resources can be restricted, so using a VPN helps them reach those sites safely.

Imagine you have a secret tunnel that goes from your house to your friend’s house. When you walk through it, nobody outside can see you or hear what you’re saying. You can talk, share toys, or send messages without anyone spying on you.

 

That’s what a VPN does for your computer. It makes a secret tunnel on the internet, so when you send things (like pictures or messages), bad guys can’t peek at them. It keeps your activities safe and private, even if you’re using a big playground like public Wi-Fi.

3. Brand Consistency

Simple and effective. Although primarily used to attract customers, it can also be used to identify spoofing scams. In cybersecurity, ‘spoofing’ is when fraudsters pretend to be someone or something else to win a person’s trust. The motivation is usually to gain access to systems, steal data, steal money, or spread malware.

4. Advanced Email Security tools

Email remains the #1 attack vector for threat actors in 2025, responsible for over 90% of successful breaches in enterprise environments. Phishing, spoofing, ransomware payloads, and business email compromise (BEC) have reached unprecedented levels, driving CISOs and IT leaders to prioritize inbox defence like never before. Email security is no longer a compliance checkbox – it’s now central to enterprise risk management and brand reputation.

 

– Quote sourced from acsmi.org (Advanced Cybersecurity Management Institute).

What is the difference between essential and advanced email security solutions?

  • An enterprise-grade tool must do more than filter spam. It must stop sensitive data exfiltration, detect suspicious behaviour in real time, and give your IT team complete visibility across the entire mail flow.
  • Compatibility is critical. Your email security solution must not just sit outside your infrastructure’s ecosystem. It must integrate within it.

A few of the larger brands providing Advanced Email Security solutions: Mimecast, Proofpoint, Barracuda, Cisco, Microsoft Defender for Office 365, Fortinet, SonicWall, IRONSCALES.

Wrapping Up

We believe that although we can start with an infrastructure template to support a business, it quickly needs to evolve and mature to suit the personality of the business. As a business gets bigger and adds more components to its profile, the risks become greater. We haven’t touched upon physical security much, but a business of 100 employees will likely have an office, and there are elements ranging from the entrance to GDPR waste bins to discuss.

 

Sometimes businesses employ Penetration Testing, often referred to as pen testing, which is a cybersecurity practice where simulated cyberattacks are conducted on computer systems, networks, or applications to identify vulnerabilities before malicious attackers can exploit them. These are typically pricey, but extremely thorough.

 

Walker & Munns can provide a base audit of your business for a fraction of the price to ensure your essentials are covered. We also have access to pen testing services, if required by governance bodies.

 

We would love to share insights on building a secure, consistent, and productive environment for your business, so please do reach out to us for a complimentary consultation today.

"An ounce of prevention is worth a pound of cure"
Benjamin Franklin
American polymath, Founding Father, inventor, scientist, writer, and diplomat

Walker & Munns exists to help businesses take control of their IT. Through strategic guidance, genuine advice, and professional services, we empower organisations to move from reactive support to proactive, long-term solutions.

 

Whether you’re scaling, modernising, or simply trying to get more value from your IT investment, Walker & Munns is here to help you build the right foundations for success.

 

Get in touch today to ensure your business is getting the IT support it deserves!
