4nes Information Technology Services GmbH
Poppelsdorfer Allee 106
D-53115 Bonn
Tel.: +49(0)228 299744 50
E-Mail: service(at)4nes(dot)com


IT security checklist for small and medium-sized enterprises


We live in a world of so-called digital transformation. The term digital change or digital transformation refers to the ongoing process of change. More and more processes are automated. The digital transformation affects not only our professional environment, but also our private lives.

Security in information technology plays an important role in companies today. Growing demands on IT networks and digitalisation are putting pressure on the nature of networks, data protection and employees. Confidentiality and data protection are more important than ever before.

Take 5 minutes and go through our IT security checklist. Find out if you too need help with your information security. We are IT service providers and are happy to help you every step of the way.

Requirements for companies and employees

Make sure that information security is a lived concept in your company. Responsibilities and competences must be clearly defined and processes clearly structured.

In times of digitalisation and the spread of online trade, almost every company works with personal data and a data protection officer is becoming increasingly important for many companies.

Through websites, newsletters, customer orders, but also through employment contracts, this data is collected, processed and used by the company. A data protection officer is a requirement for companies with 20 or more employees.

Employees often reuse passwords. Devices remain switched on when employees go to see colleagues or to the toilet. Pay attention to confidentiality! Pay attention to data security. Colleagues should not talk about confidential matters in the corridor.

You can find this and much more in our IT security checklist! Do a quick check! We will be happy to put together suitable measures for you. We train your employees with our IT security training or check your systems and networks for security gaps with a vulnerability analysis. We are a service provider and can help you further with the selection of a data protection officer. We encrypt your systems!

Your contact:
Michael Kraus
Tel: +49(0)228 299744 50

IT Security Checklist

  • Firewall and Antivirus protection
  • Old operating systems, old software, no updates
  • Unauthorised access to systems
  • Encryption of emails
  • Social Engineering
  • Phishing

Firewall and Antivirus protection

A virus scanner scans all files that are already on your computer. It removes viruses and other malware that it finds. A firewall checks incoming internet traffic for viruses and malware and prevents them from getting onto your computer. Both systems are mandatory for every business these days. They detect external dangers at an early stage.

We are Sophos and Bitdefender partners. Talk to us!

Old operating systems, old software, no updates

Handling software, and software updates in particular, is an important part of any security guideline. New software and new security holes that cause damage appear every day. Programmes and operating systems must be constantly updated. If this task lies centrally with one person, that is sufficient. Often, however, the task is left to individual employees.

Update requests come at regular intervals and can be annoying. Employees then carry out updates only sporadically. This can have serious consequences. Almost all known damage in companies is caused by Windows updates that have not been carried out.

Another risk for companies is software that employees are allowed to freely download onto their computers. Such software often represents a security risk for the company. Security precautions must be taken here.

We would be happy to carry out a vulnerability analysis in your company. We determine your risks and security gaps. We bring your company up to date!

Regular data backup is still an indispensable risk precaution. Information security and information technology form the basis and provide basic protection. Nevertheless, they do not protect against natural disasters, fire damage or targeted vandalism. We recommend storing all data off-site. Back up daily, and take the backup home on tapes in the evening. A fireproof safe serves as the best protection against loss.

Cloud solutions offer an alternative today. Here you need to take clear security precautions. Talk to us!

Unauthorised access to systems

Passwords and access controls play a crucial and underestimated role in companies. User names, passwords and encryption procedures are the only way to work confidentially.

We recommend managing all passwords in accordance with the latest BSI standards. Use password encryption and password management programmes. These programmes not only help to secure individual passwords; they also help when employees are absent for a long time.

Train your employees not to talk about internal matters in public places. Set guidelines for the handling of technical devices in the workplace. These should always be switched off when leaving the workplace.

Encryption of emails

Different encryption methods are used on the Internet. ... Websites that use an encryption method can be recognised by the prefix "https://" instead of "http://". The additional "S" stands for "Secure"; the full name is Hypertext Transfer Protocol Secure.

Most staff do not pay attention to the full URL of the pages they visit. But it makes an enormous difference. Plain http simply passes information from one place to another without worrying about how it travels. This means that data on http pages can be intercepted and changed. You make yourself more vulnerable by using these pages.

HTTPS is not the opposite of HTTP but works like its big sister. The "Secure" at the end means that data is encrypted when it is sent. This makes the data less vulnerable and better protected.

Educate your employees about its use and motivate them to visit only secure websites through self-monitoring.

Do you use S/MIME certificates? Do you have active exchanges with external interest groups? Then we advise you to use them. The certificates are integrated into the e-mail programme and ensure an encrypted exchange between the parties.

Social Engineering

Social engineering describes how employees can be digitally attacked or influenced from the outside. Attackers try to gain the victims' trust, and thus access to sensitive data. Passwords, credit card data or other information are then no longer safe. As a service provider, we train your employees! We make sure that information security is lived in your company. Data must not fall into the hands of third parties.


Phishing

Attackers use phishing to gain access to your business through fake emails, short messages or fake websites. Nowadays, these attacks are well made and seem genuine. You can often hardly distinguish the messages from the original. Train your employees! They need to know what the sender addresses and spellings used by potential attackers look like. They must pay close attention to layouts in order to recognise and prevent dangers. Through targeted measures, we show you how to strengthen security in your company!


