Cybersecurity for SMEs in Barcelona | NIS2, IT Audit & Virtual CISO

Cybersecurity for SMEs · Barcelona

Cybersecurity for SMEs with a free diagnosis and a clear action plan

We review the main risks in your business — access controls, email, backups, network, devices and regulatory compliance — and give you a realistic roadmap to protect yourself without unnecessary complexity.

IT Audit · Virtual CISO · NIS2 · ENS · ISO 27001 · Incident Response

What the first session includes (30 min, free): We check whether you have critical risks in access controls, Microsoft 365, backups, email, network, devices and regulatory compliance. We then propose a prioritised plan: what needs fixing now, what can wait, and what you can delegate.

Services tailored to your situation

Not every SME needs the same thing. That is why we start with a diagnosis.

Every company is different: what is urgent for one may not be for another. Let’s talk first and we’ll understand your real situation.

I don’t know if we’re exposed

Cybersecurity diagnosis

We assess the real risks in your SME and give you a clear report with priorities.

We’re being asked about NIS2, ENS or ISO 27001

Regulatory compliance support

We help you understand which obligations apply to you and prepare the necessary measures.

We have no security officer

Virtual CISO

An external expert who acts as your company’s security officer, with no permanent hiring cost.

We want to review network, email, backups and access controls

IT Audit

A full technical review of your company’s infrastructure.

We’ve had an incident or want to be prepared

Incident response plan

We define the action protocol so your company knows how to react and recover.

Initial diagnosis

What do we review in the initial diagnosis?

In the first 30-minute session we carry out a structured review of the areas that most often cause problems for SMEs. The aim is to give you a real picture of your situation, not a list of generic problems.

🔒 User access and passwords: who has access to what, password policy, two-factor authentication.
📞 Microsoft 365 and email: security configuration, SPF/DKIM, external access, group policies.
💾 Backups and recovery: frequency, storage, estimated recovery time, restoration tests.
🖧 Network, Wi-Fi and remote access: segmentation, VPN, remote desktop access, uncontrolled access points.
🖥 Servers and endpoints: pending updates, asset management, end-of-support devices.
💳 Critical devices: POS terminals, IP telephony, payment systems and other connected devices.
🛡 Antivirus and EDR: solution installed, actual coverage, recent alerts, incident response.
📋 Basic security policies: password management, acceptable use, third-party access, employee offboarding.
📜 Regulatory compliance: if NIS2, ENS or ISO 27001 applies, we carry out an initial assessment of the current status.

Our process

How does the diagnosis work?

A clear process, free of unnecessary technical jargon and with no initial commitment. We work with SMEs and we know that time is limited.

1. First conversation

Tell us briefly about your situation (30 minutes, free). No complex forms, no prior technical knowledge required.

2. Initial review

We review the key areas: access controls, email, backups, network and compliance. We identify the real risks in your environment.

3. Action plan

We propose a prioritised plan: what needs resolving now, what can wait, and what you can delegate. All with indicative resources and costs.

4. Ongoing support

If you want to move forward, we support you through implementation, with as little or as much involvement as you need. No unnecessary fixed packages.

What makes us different

Why Funhelps?

We are a cybersecurity and IT consultancy specialising in SMEs, based in Barcelona. We work directly with the client, with no intermediaries or large-consultancy structures.

📅 +15 years of IT experience: We know the real challenges facing SMEs: tight budgets, small teams and specific needs.
🤝 Direct contact: You speak with the technician who will work on your project, not with a salesperson. Clear answers, no runaround.
🏢 SME specialists: We don’t apply enterprise-grade solutions. Our approach is proportionate to your context.
📐 Technical and regulatory expertise: We understand both infrastructure and legal obligations (NIS2, ENS, ISO 27001). A single point of contact for everything.
Actionable plan: We don’t deliver reports that nobody reads. We propose things that can actually be done with your resources and your budget.

Regulatory compliance

NIS2, ENS and ISO 27001 for SMEs

Cybersecurity regulatory compliance is increasingly relevant for SMEs, both as a direct obligation and as a requirement from their clients. We help you understand whether it applies to you and prepare the necessary measures.

About NIS2

We help you understand whether NIS2 affects you and prepare the necessary measures before regulatory compliance becomes a problem. Europe has already set NIS2 obligations and Spain is completing the implementation framework. Affected companies should prepare now, particularly in governance, risk management, incident response and supply chain.

Does NIS2 apply to me?

NIS2 directly affects companies operating in sectors considered essential or important (energy, transport, health, digital infrastructure, manufacturing of certain products, digital service providers, among others). In Spain, definitive application depends on the full transposition of the directive, which is currently in progress.

However, even if your company is not directly obligated, it may be affected indirectly: if you are a service provider to a company that is subject to it, you will likely be required to demonstrate a certain level of security as part of their supply chain.

The best way to find out is to carry out an initial assessment of your activity and your client profile. We’ll clarify this for you in the free diagnosis.

Free diagnosis

Request the free diagnosis

Tell us about your company’s situation and we will get in touch for an initial assessment with no commitment. In 30 minutes you’ll have a clear picture of the main risks and the steps to take.

Prefer to contact us directly? Call, send an email or message us on WhatsApp. We’ll get back to you within 24 hours.

Frequently asked questions

Got a question?

What does the free diagnosis include?

In a first 30-minute session we review, based on specific questions and without needing access to your systems at this stage, your status on access controls and passwords, Microsoft 365 and email, backups, network and Wi-Fi, connected devices, antivirus and basic security policies.

At the end we propose a prioritised plan: what should be fixed now, what can wait, and what you can manage internally or delegate.

Do I need technical knowledge to talk to you?

No. We carry out the diagnosis. You just need to know how your business works: how many users you have, whether you use cloud or a local server, whether you have laptops or desktops, whether you do backups and how often. Nothing you don’t already know.

We translate the technical side into practical terms and tell you exactly what you should do, in order of priority.

Does NIS2 affect all SMEs?

Not all SMEs are directly obligated by NIS2. The directive applies mainly to companies of a certain size operating in essential or important sectors: energy, transport, health, digital infrastructure, manufacturing of certain products and digital services, among others.

However, many SMEs are affected indirectly: if you are a supplier to a company that is subject to it, you will likely be asked for security guarantees. If you’re not sure whether it applies to you, we can do a quick assessment in the free diagnosis.

Can you act as an external cybersecurity officer?

Yes. We offer the virtual CISO service (outsourced Chief Information Security Officer): we act as your company’s cybersecurity officer on an external and flexible basis.

This includes defining the security policy, monitoring the action plan, handling audits or client requirements, and serving as the technical point of contact when security-related decisions need to be made. All adapted to the scale and budget of an SME.

Do you also help if we’ve already had an incident?

Yes. If you have suffered a ransomware attack, unauthorised access, a data breach or any other incident, we help you manage the situation: initial containment, analysis of what happened, communication if necessary, and a recovery plan.

Furthermore, once the situation is under control, we work together to identify the root causes and implement the measures that will prevent it from happening again.

✓ First 30-minute session with no commitment · ✓ Direct contact · ✓ Barcelona-based SME, real IT experience