Cybersecurity basics for small offices
Security work that actually lands.
Humpf Tech helps Albany-area teams get the practical controls right first: MFA, admin access, risky sharing, endpoint handoffs, backup confidence, and clear recovery steps.
What gets checked
Start with the controls that prevent the dumb expensive problems.
The first pass is not a 90-page audit. It is a clear view of the basics that usually create risk for small teams.
MFA coverage
Accounts that need stronger sign-in protection and the exceptions that should not exist.
Admin access
Who can change what, which privileges are stale, and what should be tightened.
Sharing risk
Mailboxes, files, groups, and vendor access that quietly drift out of control.
Endpoint basics
Device handoffs, patch posture, security tooling, and user/device ownership.
Backup confidence
What is protected, what is not, and whether recovery expectations are realistic.
Incident readiness
Who gets called, what gets shut down, and what the first hour should look like.
The approach
Make risk visible, then fix what matters.
Small offices do not need enterprise security theater. They need somebody to identify the obvious exposure, prioritize the first fixes, and leave behind documentation people can actually use.
Good fit
You know security matters, but nobody owns the basics.
Best for teams where Microsoft 365, devices, vendors, and backups have grown messy enough that “we should probably fix that” keeps coming up.
Not a fit
Compliance theater with no operational follow-through.
If the goal is only a checkbox report nobody will maintain, this is not the right engagement. The point is practical risk reduction.
How it starts
A simple security cleanup path.
Look at access
Users, admins, shared files, vendors, and old accounts.
Fix the obvious
MFA, admin cleanup, backup gaps, endpoint handoffs, and risky sharing.
Leave a plan
Document what changed, what is still exposed, and what should happen next.
Start here