Fixed-price vulnerability assessment for SMBs
Someone is already scanning your practice. We tell you what they see - before they use it.
Fixed-price external vulnerability assessment for dental clinics, accounting firms, and aesthetic medicine practices. No IT department required. Results in 5 business days. Written in plain English - so the people running your business can actually act on it.
- Free pre-scan, no obligation
- Fixed price - no hourly bills, no surprises
- Report in 5 business days, not 5 weeks
- €20M [1] or 4% of annual turnover - the cap for a GDPR breach. Patient and client data sits in your hands every day.
- 72 h [2]: you have to notify the regulator after becoming aware of a breach. Most SMBs can’t answer “what happened” in that window.
- $3.31M [3]: average cost of a breach for an organisation under 500 employees in 2024. For a clinic, that’s the business.
Fit check
This is built for one kind of business
CyberCerber is designed for small and medium practices that hold sensitive personal or financial data but don't have a full-time security team. If that's you, this is the cheapest, fastest way to know what you're exposing.
For you if:
- You run a dental clinic, accounting firm, or aesthetic medicine practice (1-50 employees)
- You process patient records, financial data, or before/after photos
- You rely on an external IT provider (or no IT at all) and can’t tell what’s exposed to the internet
- You’ve ever thought "I’d have no idea if we were already compromised"
Probably not for you if:
- You already have an internal SOC or a recent pen-test report (in the last 12 months)
- You want a compliance certificate to file, not findings to fix (we’re a security firm, not an audit firm)
- You’re looking for managed EDR / 24-7 monitoring (we scope once; we don’t hold the keys)
Three verticals, one methodology
Specialized assessment for your industry
We only work with three kinds of business - because the threats against them are specific, repeatable, and completely fixable when you know where to look.
Dental Clinics
Patient records sell for up to 50× more than credit cards on the dark web. Your practice holds exactly what attackers pay for: full identities, health histories, payment data - usually on ageing Windows machines behind a single consumer router.
See what we check
Accounting Firms
One compromised inbox can redirect a client's wire transfer. One exposed NAS can leak every tax return you've filed this year. For an accounting firm, a breach isn't a technical problem - it's a licence problem.
See what we check
Aesthetic Medicine
Before/after photos are health data under GDPR Art. 9. One stolen storage folder and your clients' intimate images are online - with your name attached. No PR campaign recovers from that.
See what we check
The process
How CyberCerber works
- 01: Free Pre-Scan (24 hours)
  Before we talk price, we scan your public-facing infrastructure using the same tools attackers use. You get a short summary of what's exposed - open ports, leaked credentials, email spoofing risk. No access required on your end. No obligation.
- 02: Full Assessment (5 business days)
  If the pre-scan finds something worth acting on, we run a complete external assessment: every exposed service, known CVE, leaked staff credential, email security record, and web application vulnerability. Fixed price. No hourly billing.
- 03: Report + 30-min Debrief
  You get a prioritised report in plain English (Polish version on request) with critical / high / medium / low findings and a concrete fix order. Then 30 minutes on a call to walk your IT provider or practice manager through it. What to fix. In what order. What it’ll cost.
What's actually in it
Your free pre-scan includes
Most cybersecurity sales calls want your budget first. Ours start by showing you what attackers can already see - for free, in 24 hours, with zero access required on your end.
- External port & service scan: Every service facing the public internet, identified by version.
- Known-CVE match: Your exposed services cross-checked against the NVD vulnerability database.
- Leaked-credential check: Your domain’s email addresses checked against public breach databases (Have I Been Pwned and paid dark-web feeds).
- Email spoofing test: Whether attackers can send emails appearing to come from your domain (SPF / DKIM / DMARC).
- Short-form findings summary: Plain-language, no jargon, no sales pitch.
- One clear next step: If the findings are serious, we send a fixed-price proposal. If they’re not, you keep the summary and we disappear.
That's the guarantee. If we find nothing worth your attention, you keep the report anyway. No invoice. No follow-up sales calls.
Before you ask
Questions we hear before every scan
- "We're too small to be targeted."
- Ransomware groups scan the entire IPv4 address space every few hours. They don't pick targets - they pick open doors. In Verizon's 2024 breach report, small businesses accounted for roughly 43% of all breaches. Size is not a defence; being uninteresting is not a strategy.
- "We already have an IT provider - doesn't that cover this?"
- External IT providers usually manage your uptime and your computers. They are rarely contracted to find vulnerabilities from an attacker's perspective, and most don't scan the parts of your infrastructure that face the internet. We do one specific job - adversarial external assessment - and hand the results to them to fix.
- "What does the scan actually do to our systems?"
- Nothing invasive. The pre-scan is external and non-intrusive - it reads what your systems already publish to the public internet. No logins, no installed agents, no traffic load. It's what a motivated attacker does on a Tuesday afternoon.
- "Why should we trust you with this?"
- You don't have to trust us with anything. The pre-scan requires zero credentials from you, zero network access, and no data beyond your domain name. You see what we find; you decide if there's a conversation to have.
Takes 5 minutes. Results in 24 hours.
Know what attackers already know about you.
Send us your domain. We'll run a free pre-scan and tell you exactly what we - and they - can see.
Get my free pre-scan - it's free, really
No credit card. No access to your systems. No sales call unless you want one.
Sources
- [1] GDPR Art. 83 - administrative fines (eur-lex.europa.eu)
- [2] GDPR Art. 33 - 72-hour breach notification (eur-lex.europa.eu)
- [3] IBM Cost of a Data Breach Report 2024 (ibm.com/reports/data-breach)
- [4] Verizon Data Breach Investigations Report 2024 (verizon.com/dbir)