Cybersecurity & compliance

MFA & access control is about reducing the risk of unauthorized access to important accounts and systems. This can include multi-factor authentication, review of administrator accounts, roles, user permissions and access policies.

The goal is to make sure the right people have the right access, and that sensitive accounts are not protected by passwords alone.

Multi-factor authentication makes it harder for someone to access an account even if the password has been leaked or guessed. It is especially important for email, Microsoft 365, Google Workspace, hosting, domain accounts, finance systems, CRM and other business-critical services.

For many companies, MFA is one of the first security measures that should be put in place.

A Basic Security Review is a practical review of common risk areas in the company’s digital environment. We can check areas such as the website, email, user accounts, password routines, backup, administrator permissions and basic security settings.

After the review, you get a clearer picture of what is working, what should be improved and which actions should be prioritized.

No. A Basic Security Review is a broader review of common security risks and routines. A penetration test is a more technical and in-depth test where vulnerabilities are actively tested in, for example, a website, application, API or external environment.

If we identify a need for deeper testing, we can recommend it as a separate next step.

Email is often one of the most important areas to secure, because many breaches begin with compromised accounts, phishing emails or incorrect settings. We can review accounts, permissions, forwarding rules, login protection and technical settings that affect delivery and protection.

When needed, we can also help with SPF, DKIM and DMARC to strengthen the domain’s email security.

A GDPR review is about creating better control over personal data, routines, documentation and responsibilities. We review what personal data you handle, where it is stored, which systems are used, which suppliers have access and what routines are in place.

The goal is to give you a clear overview and a practical action list, without making the process more complicated than necessary.

We can help with structure, technical information, mapping and practical templates or drafts for routines, records, data processing agreements and policy texts. However, we are not a law firm, and final legal texts should be reviewed by the client or a legal advisor when needed.

Our focus is to help you gain practical control over data, systems, access, routines and documentation.

A data processing agreement is often needed when an external supplier processes personal data on behalf of the company. This may include system providers, hosting providers, CRM systems, newsletter platforms, IT suppliers or other digital services.

We can help you identify which suppliers may need to be reviewed and whether documentation appears to be missing or needs to be completed.

A gap analysis compares your current situation with a regulation, standard or desired security level. It is not the same as certifying the company immediately. Instead, it helps identify what is missing and which actions should be prioritized.

The analysis can include routines, responsibilities, risk management, incident processes, suppliers, access control, documentation, backup, logging and follow-up.

It is suitable for companies that are subject to requirements, supply customers with higher security demands or want to prepare for audits, procurement processes, supplier requirements or internal governance. It can also be relevant for growing companies that need more structured security work.

If you are unsure what level is required, we can start with a maturity analysis and suggest a reasonable first step.

No. A gap analysis shows the difference between the current situation and the desired level. A certification or formal audit usually requires a separate process with the correct scope, documentation, controls and, in some cases, an external auditor.

Our role is to help you understand the current situation, prioritize the right actions and create a clearer path forward.

Yes. We offer incident response for suspected breaches, malware, compromised accounts, data leaks or operational disruptions. The first step is to limit the damage, understand what has happened and secure important information.

After that, we can help with troubleshooting, recovery, documentation and recommendations to reduce the risk of the issue happening again.

Get help quickly and avoid deleting important information before the situation has been assessed. Do not randomly change everything without a plan, because logs, accounts and traces may be needed to understand what happened.

We help prioritize the right actions: secure accounts, limit access, check systems, review logs and create a recovery plan.

Incident response can include urgent troubleshooting, account checks, log review, isolation of affected systems, malware checks, recovery, guidance around data leaks and documentation of the event.

If the incident may affect personal data, we can also help collect technical information for further GDPR assessment.

Security monitoring means that important systems, accounts or environments are monitored for suspicious activity. This can include alerts, logs, unusual logins, system changes or other signs of risk.

SOC stands for Security Operations Center and refers to more structured monitoring, analysis and escalation of suspected incidents.

Yes, but the level should be adapted to the company’s needs and risk. Not every business needs an advanced SOC solution from the start, but many can benefit from basic monitoring of important accounts, email, backup and critical systems.

We help choose a level that is reasonable for the business instead of selling an unnecessarily heavy solution.

No. Antivirus or endpoint protection is one part of security, but security monitoring is broader. It is about detecting suspicious events, analyzing alerts and acting when something differs from normal behavior.

A strong security setup often combines several parts: account protection, backup, updates, monitoring, routines and clear responsibility.

Yes. We can set up backup with a suitable provider and adapt the solution to your needs. A simple website, an office with files and a business-critical system do not need the same level of backup.

The important thing is not only that backup exists, but that it can actually be restored when needed.

If you want to start practically and quickly, MFA & access control or a Basic Security Review is often the right starting point. If the issue is personal data and documentation, a GDPR review is more suitable. If you have requirements from customers, the financial sector, supply chains or standards, a NIS2 / DORA / ISO gap analysis may be the right path.

If there is an ongoing incident, incident response should be prioritized immediately.

You receive a clearer picture of the current situation and a prioritized list of recommended actions. Depending on the assignment, the delivery can consist of a short report, action plan, technical summary, risk assessment or material for further work.

The goal is for you to understand what needs to be done first, why it matters and what the next step will cost.

Yes. We can both perform the review and help implement the actions afterwards. This can include enabling MFA, adjusting permissions, improving backup, securing email, documenting routines, setting up monitoring or helping with technical changes.

This means the analysis does not just become a document, but leads to real improvements.

Yes. For many companies, cybersecurity and IT support are closely connected. Accounts, computers, email, backup, networks and user permissions affect both security and day-to-day operations.

That is why we can combine security work with practical IT support, installation, troubleshooting and ongoing technical help remotely or on site.