Free Resource — IT Security Checklist
Is Your Berlin Business Properly Protected?
Download our free 24-point IT security checklist — the same framework our engineers use when auditing new clients in Berlin.
What the checklist covers
Most Berlin SMBs we audit have between 6 and 12 unresolved security controls — not because the business is negligent, but because IT security work requires time and expertise that most small teams simply do not have. This checklist gives you a structured starting point.
🔐 Identity & Access Management — MFA enforcement, stale account auditing, least-privilege controls, sign-in anomaly review
🌐 Network Security — Guest Wi-Fi segmentation, firmware patching, RDP exposure, DNS filtering
💻 Endpoint Protection — Managed EDR deployment, patch compliance, BitLocker encryption, admin rights audit
💾 Backup & Recovery — 3-2-1 coverage, quarterly restore tests, immutable storage, RTO/RPO definition
📋 GDPR & NIS2 Compliance — Processing records (Art. 30), breach response procedure, NIS2 scope assessment, staff training
🚨 Incident Response — IR playbook, cyber insurance verification, emergency contact sheet
24 controls across 6 categories. Each item includes a plain-English explanation of the risk, a specific action to take, and a validation step so you know when it is actually done — not just partially implemented.
Who this is for
This checklist is designed for Berlin businesses with 5–100 employees that either manage their IT internally or are reviewing the work of an existing IT provider. You do not need a technical background to use it — every item is written to be understood by a business owner or office manager, not just an IT engineer.

Get your free checklist
Free PDF · 24 controls · 2026 Edition
Found gaps? We offer a free 30-minute security review where we go through your checklist results and give you a prioritised action plan. Book a call →
Frequently asked questions
Is this checklist really free?
Yes. There is no catch. We share it because most businesses genuinely do not know where to start with security, and we would rather you find your gaps now than discover them during an incident. If you want help implementing the controls, we are available — but there is no obligation.
How long does it take to work through the checklist?
A first pass with your IT person or MSP typically takes 1–2 hours. Some items you will be able to tick immediately. Others will require follow-up work. We recommend treating the first run as an audit, not an implementation session.
Does this apply to NIS2?
Several controls in Section 5 (Compliance & Data Protection) directly address NIS2 requirements for Berlin businesses. However, this checklist is not a formal NIS2 gap analysis — it is a security baseline. If you are an essential or important entity under NIS2, you should commission a dedicated assessment. Read our NIS2 guide →
What if we need help implementing these controls?
We provide managed IT and security services in Berlin and Brandenburg. If you find gaps you do not have the internal resource to fix, get in touch and we can either conduct a paid security audit or take on the remediation work directly as part of a managed service engagement.