Information Security for SMEs

Small and medium-sized enterprises (SMEs) face particular challenges when it comes to information security for various reasons.

On the one hand, attacks against IT systems and infrastructures continue to increase. The threat in cyberspace is higher than ever. In its latest report on the state of IT security in Germany, the Federal Office for Information Security (BSI) reports more than 300,000 new malicious code variants per day. Attacks using ransomware, malware that often encrypts files or entire systems in order to extort ransom money, are also on the rise. In addition, there are phishing attacks and other social engineering variants such as CEO fraud, an attack in which attempts are made to pressure employees into transferring large sums of money.

On the other hand, the shortage of specialists, particularly in the field of information security, means that small and medium-sized companies find it increasingly difficult to hire employees who specialize in information security, or can no longer afford them.

Therefore, we offer you a combination of different services that are specially tailored to your needs.

 

Overview of important standards and norms

 

CyberRiskCheck - Assessment of the Current Situation

The CyberRiskCheck according to DIN SPEC 27076 "IT-Sicherheitsberatung für kleine und Kleinstunternehmen" (IT Security Consulting for Small and Micro Enterprises) was developed by a consortium with the participation of the Federal Office for Information Security (BSI) in cooperation with the Bundesverband mittelständische Wirtschaft (BVMW).

The CyberRiskCheck consists of 27 questions grouped into 6 areas. In an interview, you are asked whether your company meets all requirements or whether there is a need for improvement in individual or all areas. The result is a report with a score, specific recommendations for action from us and, most importantly, an indication of which funding opportunities may be available.

More about the CyberRiskCheck according to DIN SPEC 27076

VdS 10005 - The ISMS for Small Businesses

Information security, yes, but systematic and standardized rather than based on gut feeling. This is now easy to implement thanks to new standards from VdS Schadenverhütung and others. In particular, the guidelines VdS 10005 "IT security for small and micro enterprises" and VdS 10000 "Information security management system for small and medium-sized enterprises" should be mentioned here. These guidelines define security requirements and necessary measures that can be adapted to any size of company and offer effective information security.

What is particularly interesting is that the standards grow with your company. You can start with VdS 10005, jump to VdS 10000 as a growing company and switch to ISO 27001 as a larger company. All guidelines are upwardly compatible, i.e. the measures implemented for VdS 10005 can be fully integrated into larger guidelines.

More about VdS 10005

External ISO - The Necessary Expertise

The external information security officer (ISO) is your specialist on call. Just as you have outsourced the safeguarding of data protection requirements to an external data protection officer, you can also outsource the safeguarding of information security requirements to an external information security officer.

The external ISO takes care of drawing up the necessary security concepts and guidelines, raises employee awareness, advises the management on all aspects of information security and checks the actual IT security in your company. The external ISO usually works closely with your IT department or your IT service provider and your data protection officer.

More about the external ISO

Our Service

We carry out a CyberRiskCheck together with you, assess your company's information security and provide you with specific recommendations for action. We set up an information security management system for you, create all guidelines and concepts and document the implemented measures in a comprehensible manner, for example for cybersecurity insurance. As an external ISO, we support you in all matters relating to information security, advise you on specific issues and ensure that your company is optimally protected against attacks.