Answers to your questions

Quickly find answers to your questions about cybersecurity, CVE Find, standards, vulnerabilities and Bexxo services in our comprehensive FAQ.

FAQ

What is the difference between the Essentiel, Avancé and Premium packages?

The three packages differ in their depth of analysis:

  • Essentiel: 10 control points, basic network mapping, automated scan for common vulnerabilities, simplified report — for SMEs beginning their security journey.
  • Avancé: 15 control points, manual intrusion tests, configuration analysis of active devices, detailed report with prioritised action plan.
  • Premium: 20 control points, internal and external penetration tests, attack simulation, full analysis of segmentation and access, presentation of results to management.

All packages include post-audit follow-up and implementation assistance.

What is the difference between the Essentiel, Avancé and Premium packages?

The three packages differ in their depth of analysis:

  • Essentiel: 10 control points, automated scan, simplified report — for small sites or first audits.
  • Avancé: 15 control points, manual testing of common vulnerabilities, authentication analysis, detailed report with prioritised action plan.
  • Premium: 20 control points, in-depth penetration tests, API and database audit, full OWASP Top 10 verification, presentation session included.

All packages include post-audit follow-up and implementation assistance.

What is the first thing to do in the event of a cyberattack?
Immediately isolate the compromised systems from the network, do not pay a ransom, document the incident and contact a cybersecurity specialist. Bexxo offers an incident response service for Swiss businesses.
What is the purpose of the CVE Find website?

Our service www.cvefind.com is a search and monitoring platform dedicated to IT vulnerabilities. It allows cybersecurity professionals, developers, administrators, or CISOs to quickly consult known vulnerabilities (CVEs), track their evolution, and access additional indicators to prioritize remediation.

Our goal with CVE Find is to make information more accessible, readable, and actionable than on official databases, which are often too technical or not very user-friendly. We centralize useful data (CVSS, EPSS, KEV status, dates, affected products), and facilitate decision-making for remediation or alert actions.

What is the role of the OFCS in cybersecurity in Switzerland?
The OFCS (Federal Office for Cybersecurity, formerly NCSC) is the national Swiss authority responsible for coordinating the protection of critical infrastructure, managing cybersecurity incidents at the national level and raising awareness among businesses and the general public. It regularly publishes alerts, recommendations and reports on current threats. Bexxo follows its publications to remain aligned with Swiss strategic and regulatory priorities — particularly in the context of the nFADP (new Federal Act on Data Protection).
What services does Bexxo offer to SMEs?
Bexxo offers 5 service categories: (1) Web and network security audits (ISO 27001, NIST CSF); (2) Penetration tests; (3) Vulnerability monitoring via CVE Find, integrating MITRE, NVD and CISA KEV data; (4) Phishing simulation via PhishTrainer, Swiss software with client-side encryption; (5) Consulting and nFADP compliance. Our audits detect an average of 12 to 15 critical vulnerabilities per SME.
What should I do if I clicked on a phishing link?
Act immediately: (1) disconnect from the company network (Wi-Fi, cable); (2) report the incident to your IT department or security officer without delay — by phone, not by email; (3) change your password from another secure device; (4) do not delete the suspicious email, it is needed for forensic analysis; (5) enable MFA if not already done. The faster you act, the more the damage can be limited.
Which password manager do you recommend for a Swiss SME?
Our comparative analysis from February 2026 evaluates 8 solutions for Swiss SMEs (5-200 employees). Only 3 fully comply with the nFADP with hosting in Switzerland or Europe. Download the full report to discover our detailed recommendation by SME profile.
Which standards are your security policy templates based on?
Our 12 security policy templates are aligned with the controls of ISO 27001:2022 (Annex A) and NIST CSF recommendations. They cover key areas: authentication, access control, data classification, cryptography, backups, supplier management and human resources.
Who is Bexxo and what are its specialties?

Bexxo is a company of cybersecurity experts based in Neuchâtel, Switzerland. We conduct audits, offer consulting services, and help our clients improve the protection of their IT systems against current threats.

Who should be trained in an SME?

In an SME, all employees should be trained, at least on the basics of cybersecurity. Every profile is concerned: the administrative staff who manage sensitive documents, the sales representative who exchanges emails with external parties, or the technician who accesses management tools. The training must be adapted to the role and the risks associated with each position.

In addition, technical teams, security referents (when they exist), and management must receive more in-depth training to understand the issues, make decisions, and react effectively in the event of an incident. In an SME, where resources are limited, training intelligently and progressively is often more realistic than aiming for exhaustive coverage.

Why define clear cybersecurity objectives?

Precise and measurable objectives help structure available resources, anticipate threats, and implement targeted action plans to strengthen the overall resilience of your infrastructure.

Why does Bexxo rely on the NIST CVSS to assess the criticality of vulnerabilities?
The CVSS (Common Vulnerability Scoring System), developed by NIST, is the universal standard for assessing the severity of vulnerabilities. It assigns each vulnerability a score from 0 to 10 based on objective criteria: attack vector (network, local, physical), exploitation complexity, privileges required, user interaction, and impact on confidentiality, integrity and availability. Using CVSS allows Bexxo to communicate vulnerability criticality in a standard language understood by all IT professionals — and allows our clients to compare audit results with globally recognised benchmarks.
Why does a Swiss SME need a cybersecurity audit?
Over 40% of cyberattacks in Switzerland target SMEs. An audit identifies vulnerabilities in your systems (network, website, access) before they are exploited, and ensures compliance with ISO 27001 and the Swiss Data Protection Act (nDSG).
Why is Bexxo unique for responding to ransomware?
Bexxo is one of the rare organisations in Switzerland to combine two complementary areas of expertise under one roof: cybersecurity and physical data recovery. Our group includes SOS Data Recovery (sdr.ch), a recovery specialist since 2006, equipped with a cleanroom and forensic equipment to intervene on all types of media: hard drives, SSDs, RAID, NAS, servers. In practice, a standard cybersecurity provider stops at software decryption and backups. If these options fail, they have nothing more to offer. Bexxo can go one step further and attempt physical data extraction from the medium, a decisive capability in the most critical cases.