FAQ
What are the obligations of the nFADP for Swiss SMEs?
The nFADP requires maintaining a record of processing activities, reporting breaches within 72 hours, conducting impact analyses and implementing appropriate technical measures. Fines can reach CHF 250,000.
What are the obligations under the nFADP in the event of a data breach?
The nFADP requires notification to the FDPIC within 72 hours, informing affected individuals if the risk is high, and documenting the incident. Fines can reach CHF 250,000 for the responsible persons.
What are the risks associated with a lack of awareness?
A lack of awareness exposes the company to very real risks: opening fraudulent emails, installing malware, data leaks, or even bad practices such as using unencrypted media or sharing passwords. These errors can lead to costly cyberattacks or even business interruptions.
In addition, untrained personnel can become the unintentional entry point for ransomware, data theft, or industrial espionage. In a context of increasing digitization, ignoring this aspect amounts to leaving a permanent flaw in the company's defense.
What areas does the cybersecurity analysis cover?
The analysis covers 5 priority areas for SMEs:
- Network: firewall configuration, remote access (VPN), segmentation.
- Website: SSL/TLS, security headers, common vulnerabilities (OWASP Top 10).
- Authentication: password policy, MFA, administrator access management.
- Training: level of team awareness on phishing (91% of cyberattacks start with an email — Proofpoint 2024).
- Data: classification of sensitive data, nFADP compliance.
Depending on your needs, the analysis can focus on one or more specific areas.
What benefits do companies gain from a network audit?
Optimized performance, reduced vulnerabilities, and service continuity. You'll have a network that is both reliable and scalable.
What certifications guarantee Bexxo's reliability?
Bexxo / Tesweb SA holds three key certifications: the CyberSafe Label, recognising companies committed to a proactive cybersecurity approach; the Swiss Label, a certification from the Swiss Union of Arts and Crafts (sgv) guaranteeing 100% Swiss anchoring of products and services (founded in 1917, centenary celebrated in 2017); and a federal clearance allowing intervention in classified environments — the highest level of rigour in confidentiality.
What cybersecurity services does Bexxo offer?
Bexxo offers web and network security audits, penetration testing (pentest), cybersecurity consulting, anti-phishing training with PhishTrainer, and continuous vulnerability monitoring via CVE Find.
What deliverables can I expect from a cybersecurity consultation?
You will receive a detailed action plan with customized recommendations and an implementation timeline. Bexxo also provides follow-up to measure progress and adjust the strategy as needed.
What do you receive at the end of the analysis?
At the end of the exchange with the Bexxo expert, you receive by email a personalized PDF report including: (1) a summary of the risks identified by area, classified by criticality (high/medium/low); (2) a prioritized action plan with the measures to implement first; (3) recommendations adapted to the size and sector of your company. You can view an example report via the link below. This report can be used as a basis for your internal audits or presented in the event of an nFADP inspection.
What is Bexxo Academy?
Bexxo Academy (academy.bexxo.ch) is Bexxo's cybersecurity training platform, dedicated to Swiss SMEs, their employees and the general public. It offers interactive modules, phishing simulators, quizzes, videos and educational games, accessible 24/7 from any device. It is complemented by in-person sessions at Bexxo's premises in Ins (BE), for up to 20 people.
What is Bexxo's free cybersecurity analysis?
Bexxo's free cybersecurity analysis is a personalized assessment of your company's security posture, carried out free of charge and without commitment by a Bexxo expert. In a 30-minute exchange, we assess your risks across 5 areas: network infrastructure, website, access management (MFA authentication), team awareness on phishing, and classification of sensitive data. You then receive a written PDF report with the identified vulnerabilities and a prioritized action plan — identical to the report given to our paying clients.
What is Bexxo?
Bexxo is the cybersecurity division of Tesweb SA, a Swiss company founded in 2006 in Ins (canton of Berne). Launched as a distinct and protected brand in 2023, Bexxo supports SMEs in French-speaking Switzerland with security audits, penetration tests, anti-phishing training and vulnerability monitoring. Certified with the Swiss Label and CyberSafe Label, we guarantee 100% Swiss services.
What is CVE Find?
CVE Find is a Swiss vulnerability monitoring platform, developed and maintained by Bexxo (tesweb SA). It covers the entire MITRE CVE database with real-time updates, email and SMS alerts, and integrated scoring to prioritise patches. The interface is available in French, English and German.
What is EBIOS Risk Manager?
EBIOS Risk Manager is the ANSSI risk analysis method, structured in 5 workshops: scoping, risk sources, strategic scenarios, operational scenarios and treatment. Adopted by French government bodies and many French-speaking companies, it identifies the most realistic threats and prioritises security investments.
What is PhishTrainer?
PhishTrainer is a Swiss phishing simulation software developed by Bexxo. It sends real simulated fraudulent email campaigns to a company's employees — with no real risk — to test their vigilance, identify vulnerable profiles, and measure the effectiveness of training. Data remains hosted in Switzerland, in accordance with the nFADP. PhishTrainer works in synergy with Bexxo Academy, Bexxo's e-learning platform.