Home  /  Comprehensive IT Security Assessment

Solutions

Comprehensive IT Security Assessment

Find out exactly where your business is exposed. For free.

Comprehensive IT Security Assessment

Most businesses don't know their security gaps until something goes wrong. By the time you find out your backups weren't working, or that nobody had switched on two-step login, the damage is already done.

Our security assessment finds these gaps before an attacker does. It's free, it comes with a written report, and there's no obligation to do anything with it afterwards.

What we actually check

A qualified engineer visits your office and reviews:

Backups

Whether your data — including your Microsoft 365 or Google Workspace email and files — is actually backed up. (Most businesses assume Microsoft does this. It doesn't.)

Device protection

Whether your laptops and PCs are encrypted, so a lost or stolen device doesn't mean a data breach.

Antivirus and threat detection

Whether your antivirus is actually running, up to date, and centrally monitored — on every device, not just some of them.

Login security

Whether two-step login (also known as multi-factor authentication) is switched on across your accounts. This single control blocks the vast majority of account takeover attempts.

Software updates

Whether your operating systems and applications are being patched automatically, or whether known security gaps are sitting unaddressed.

Network and Wi-Fi

Whether your network is properly configured and segmented, and whether your Wi-Fi is secure.

Cyber Essentials readiness

Whether your business would currently pass a Cyber Essentials assessment, and what would need to change if not.

What you get afterwards

A written report, in plain English, that tells you:

  • What's working well
  • What's at risk, and how serious that risk actually is
  • What it would take to close the gaps

No sales pressure. No obligation. You can use the report however you like, including taking it to another IT provider if you choose to.

Who this is for

This assessment is useful whether you:

  • Have no IT support and want to know where you stand
  • Have an IT company already, and want an independent second opinion ahead of renewal
  • Have an in-house IT person who would benefit from specialist tooling and a fresh set of eyes

Why it's free

We'd rather show you what we find than tell you to trust us. If the assessment shows you're in good shape, that's a good outcome too. If it shows gaps, you'll know exactly what they are — and you can decide what to do about them with us or without us.

Book your free assessment   or call +44 (0) 207 403 4031

One monthly fee. One number to call. And the day-to-day risk of keeping your business secure becomes our job, not yours.

FAQ

Common questions

What is a comprehensive IT security assessment?

A comprehensive IT security assessment is a structured review of your business’s IT setup, carried out by a qualified engineer. It looks at the security and reliability of your systems including your backups, device encryption, antivirus coverage, login security, software patching, network configuration, and Cyber Essentials readiness.

The result is a written report in plain English that tells you what is working, what is at risk, and what it would take to close the gaps.

How much does an IT security assessment cost?

Network Fish offers a free IT security assessment, also called a free site survey, to any London business that wants one. A qualified engineer visits your office, carries out the review, and provides a written report at no charge and with no obligation to proceed further.

For businesses not based in London or requiring a more in-depth standalone security engagement, please contact us to discuss options.

What does Network Fish check during a free IT security assessment?

During the free site survey, we check whether your data is being backed up and whether those backups can actually be restored; whether your devices are encrypted so that a lost or stolen laptop cannot be read by a third party; whether antivirus is running and up to date on every device; whether two-step login (multi-factor authentication) is switched on across your accounts; whether your software and operating systems are being patched automatically; whether your network and Wi-Fi are correctly configured and segmented; and whether your business would currently pass a Cyber Essentials assessment.

How long does an IT security assessment take?

A typical site survey takes between one and two hours depending on the size of your business and the number of devices and systems in scope. The written report is provided afterwards, usually within a few working days.

Do I need to prepare anything before the assessment?

No significant preparation is needed. It helps if someone with basic knowledge of your IT setup is available during the visit, for example an office manager or the person who normally deals with IT questions.

If you have an existing IT company, it is useful but not essential to have any recent reports or documentation they have provided.

Who should get an IT security assessment?

An IT security assessment is useful for any London business, regardless of size or sector. It is particularly valuable if you have no IT support in place and want to understand where your risks are; if you have an existing IT company and want an independent second opinion ahead of contract renewal; if you have recently moved offices, changed staff, or migrated to cloud systems and want to confirm your setup is still secure; or if a client, insurer, or partner has asked whether you hold Cyber Essentials certification and you are not sure whether you would pass.

Will the assessment tell me if I need Cyber Essentials?

Yes. Cyber Essentials readiness is one of the areas we specifically check during the site survey. We will tell you whether your current setup would pass the five Cyber Essentials technical controls, and if not, what would need to change.

For Network Fish managed support clients, the gap analysis and support through the Cyber Essentials certification process are included in the contract at no extra charge. The only additional cost is the certifying body fee, currently around £300, paid directly to the certifying body.

Is there any obligation to sign up to a contract after the assessment?

No. The assessment is genuinely free with no obligation. The written report is yours to keep and use however you choose, including taking it to another IT provider.

Many businesses use it as a benchmark before a contract renewal, or simply to understand their current position before making any decisions.

What happens after the assessment?

We provide a written report summarising what we found, what the risks are, and what we would recommend. If there are gaps we can address, we will explain what that would involve and what it would cost. If you are already well covered, we will tell you that too.

There is no pressure to act on anything immediately, and no obligation to use Network Fish to address what we find.

Can Network Fish carry out a security assessment for a business outside London?

Our free on-site survey is available to businesses in London, where our engineers are based. For businesses outside London, we can carry out a remote security assessment covering your cloud systems, Microsoft 365 or Google Workspace configuration, and device management setup.

Please contact us to discuss what would be most useful for your specific situation.

How is a Network Fish security assessment different from a penetration test?

A security assessment looks at the overall health and configuration of your IT systems, identifying known gaps, misconfigurations, and areas of risk. A penetration test (or pen test) goes further: it involves an accredited tester actively attempting to break into your network to find vulnerabilities that might not be visible through a configuration review alone.

Network Fish offers CREST-certified penetration testing as an additional service for businesses that need that level of independent, audited assurance. Many businesses start with a security assessment and progress to a penetration test once the foundational gaps have been addressed.