Non-profit cyber security support for SMBs

Practical cyber security support for SMBs

Security Aid is a non-profit providing free tools, guidance and practical support for SMBs, meaning small and medium-sized businesses. Aid+ paid services and platforms fund the free side of the mission and the long-term goal of running managed security services for SMBs at little or no cost.

82Readiness
Identity controlsStrong
Detection coverageImproving
Incident readinessAction needed
Free Security Aid

Free help stays at the core.

Public tools, practical guidance, awareness support and initial advisory time are kept free so SMBs can get real cyber security help without a consultancy barrier.

  • Free tools and public resources
  • Free community-focused guidance and awareness support
  • First 4 hours free for advisory-led services
  • Built for small and medium-sized businesses
Aid+ Funds The Mission

Paid work funds free managed support.

Aid+ covers premium assessment, advisory and platform delivery. Profit is used to keep Security Aid free where possible and to build a managed security service model for SMBs.

  • Premium assessments and architecture work
  • First 4 hours free, then discretionary standard-rate billing
  • Profit reinvested into free SMB services
  • Long-term managed service funding model
View Aid+
Featured Services

Free support and Aid+ delivery, structured around the mission.

Aid+ Advisory

Web App Penetration Testing

Application testing delivered through Aid+, with the first 4 advisory hours free before deeper testing or retest work becomes a paid engagement.

First 4 hours free, then paid at discretionary standard rates.

View service
Aid+ Assessment

Vulnerability Assessments

Structured vulnerability assessment support, with 4 free advisory hours before deeper assessment and reporting moves into Aid+ delivery.

First 4 hours free, then paid at discretionary standard rates.

View service
Aid+ Advisory

Security Advisory

Pragmatic security advisory for leadership and IT teams, with the first 4 hours free before ongoing advisory work moves into Aid+.

First 4 hours free, then paid at discretionary standard rates.

View service
Free Service

Security Awareness Training

Reduce everyday risk with free role-aware training guidance that turns security advice into practical habits.

Free as part of the non-profit mission.

View service
Free Service

Cyber Security Talks & Workshops

Free practical cyber security talks and workshops for SMBs, students and community groups.

Free community and SMB-focused sessions.

View service
Aid+ Advisory

Incident Response Planning

Prepare your business to respond calmly and effectively when an incident occurs, starting with 4 free hours of planning and review.

First 4 hours free, then paid at discretionary standard rates.

View service
Aid+ Advisory

Supplier & Third-Party Security Reviews

Third-party and supplier security reviews with 4 free advisory hours before deeper review and evidence analysis moves into Aid+.

First 4 hours free, then paid at discretionary standard rates.

View service
Aid+ Advisory

Microsoft Security Reviews

Improve Microsoft 365, Entra ID and Defender configurations with 4 free review hours before deeper assessment and reporting moves into Aid+.

First 4 hours free, then paid at discretionary standard rates.

View service
Aid+ Advisory

SIEM & Detection Engineering Reviews

Understand whether your logs, alerting and detections cover the threats that matter most, with 4 free initial review hours.

First 4 hours free, then paid at discretionary standard rates.

View service
Aid+ Advisory

Security Architecture & Roadmaps

Security architecture, roadmap and control design work, with the first 4 hours free before moving into paid Aid+ delivery.

First 4 hours free, then paid at discretionary standard rates.

View service
Featured Tools

Free tools for public use.

These public tools stay free. Premium assessment and managed-review platforms sit under Aid+ and help fund the free mission.

Aid+ Platforms

Premium platforms that fund the free service.

Aid+ now centres on Assessment Aid+, Containment Aid+ and Asset Aid+. The first 4 hours for advisory-led work are free, then delivery moves to discretionary standard rates.

Aid+ Platform

Asset Aid+

Critical external asset discovery for internet-facing domains, infrastructure, exposed admin surfaces and newly discovered public assets.

  • Domain and subdomain discovery
  • DNS, IP and ASN correlation
  • Asset typing for VPNs, admin panels and exposed apps
  • Scheduled rescans and new asset change tracking

Paid Aid+ platform. Advisory scoping starts with 4 free hours; ongoing delivery, tuning and reporting are paid. Profit funds free SMB services and the managed service mission.

View Aid+ Platform
Aid+ Platform

Assessment Aid+

One premium assessment platform where you choose the assessment you need and complete the relevant control review in one Aid+ workspace.

  • Cyber Essentials Assessment
  • SIEM Gap Assessment
  • Microsoft Defender Suite Assessment
  • Microsoft Purview Assessment

Paid Aid+ platform. First 4 advisory hours free, then assessment and reporting work is billed at discretionary standard rates.

View Aid+ Platform
Aid+ Platform

Containment Aid+

Premium containment and mass-compromise review delivery for Azure/M365, Okta and Salesforce environments.

  • Azure and M365 Containment Check
  • Okta Containment Check
  • Salesforce Containment Check
  • Mass-compromise workflow design and reporting

Paid Aid+ platform. The first 4 hours are free for triage and scoping; deeper investigation, reporting and workflow design are paid.

View Aid+ Platform
Latest Security News

Current cyber threats and defensive guidance.

View all news
The Hacker News

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for…

Read article
The Hacker News

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm,…

Read article
The Hacker News

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on…

Read article
The Hacker News

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine…

Read article

Security should be accessible.

Start with the free tools and resources. If you need deeper review, architecture or managed assessment support, Aid+ funds that work and puts the profit back into free SMB services and the managed security mission.

See How Aid+ Works