Cloudflare basics for small organisations
What Cloudflare really does for small sites, which settings matter, and how to avoid breaking your own website or email with well meaning changes.
Security and encryption for small organisations
Short, direct articles on security, logging, and encryption for organisations that actually handle risk, complaints, and sensitive information. Written so directors, trustees, and managers can act on them without becoming security engineers.
The focus here is not buzzwords. It is practical things like Cloudflare basics, evidence grade logs, and PGP contact tools that reduce harm when something goes wrong.
Cloudflare and firewalls
Evidence grade logs
PGP and secure contact
Governance and risk
Start here
If you only have time for a couple of pages, these three will move you furthest. They cover how your site is protected on the edge, how you keep records of what happened, and how you protect the most sensitive messages.
How evidence grade logs change the outcome of a dispute
How better logging from Cloudflare, hosting, and email tools changes the tone of complaints, audits, and regulator questions.
Why a PGP contact tool belongs on every serious website
A practical guide to PGP contact tools and why serious organisations should offer an encrypted route for whistleblowers and vulnerable users.
What this security hub focuses on
Most small organisations are not targeted because they are famous. They are targeted because they sit in someone else’s supply chain, politics, or story. The security hub focuses on the parts of your setup that actually matter when that happens.
- How traffic reaches your site through tools like Cloudflare, and what that means in practice.
- How you record what happened through evidence grade logs that hold up under scrutiny.
- How you limit the damage of a breach by encrypting the most sensitive messages at the edge.
- How these technical pieces support governance, complaints handling, and safeguarding in real cases.
The same approach is used in live public interest work on The Reasonable Adjustment, where logs and secure contact routes are not abstract, they are part of day to day protection.
Articles in this security hub
You can treat these as building blocks. You do not have to implement everything at once. Each page is written so you can act on it in isolation if needed.
Cloudflare and edge protection
Encryption and secure contact
Over time this hub will grow to cover bot traffic, scraping, and more detailed patterns for justice aligned and public interest work. If you have a specific scenario in mind, you can always ask for a focused article and we can build from there.
Who this is for
Leaders who need evidence, not jargon
Directors, trustees, and senior staff who sign off policies and respond to complaints but do not live in security dashboards all day. You need to know what is realistic for your size, not every possible control.
Operators who get left holding the risk
People who actually run websites, answer emails, and manage digital tools alongside their real job title. You get clear, practical patterns that can be implemented without buying a huge platform or hiring a full time security team.
If you want more than articles
Reading helps, but sometimes you need someone to map your current setup, tighten the basics, and write it down in normal language so you can show it to a board, funder, or regulator.
Ki-Ki offers a foundations review that covers domains, DNS, Cloudflare, logging, and secure contact routes in one joined up picture. You keep control of your accounts. I do the digging and write clear notes.
If capacity is tight I will say so and give a realistic start window. No sales scripts, no pressure.