Graben · Berner Oberaargau
(01)  —  IT CONSULTING FOR SMES IN OBERAARGAU AND BERN

IT consulting that reduces complexity and clarifies decisions.

We organise infrastructure, security, cloud, workstations, and budgets into a roadmap your SME can actually follow.

  • Network & WLAN
  • 3-2-1 backup
  • Actionable roadmaps
Request an IT assessment Call now
Scope
SMEs & trades
Approach
Pragmatic
Outcome
Clear priorities
Role of consulting

Good IT consulting prevents bad purchases and emergency fixes

Strategy only matters if it turns into realistic implementation steps.

We advise based on your real setup: users, workstations, processes, security level, and available budget. The goal is an IT environment that supports the business – not a landscape that constantly demands specialist knowledge and improvisation.

Typical triggers for consulting: upcoming hardware refresh, growth with new staff, planned cloud migration, takeover of a historically grown environment, or the realisation that the backup has not been tested in years.

  • Analysis based on real setup, not slides
  • Prioritisation: critical vs. soon vs. later
  • Actionable steps instead of an overgrown wish list
  • Direct implementation available if wanted
IT consulting and strategy for SMEs
From assessment to an actionable roadmap
NETWORK ARCHITECTURE

LAN, WLAN, firewall, and network documentation

A cleanly segmented network is the foundation for security and performance – not the place to save money.

01 · NETZWERK

LAN infrastructure

Structured cabling (Cat 6a/Cat 7), managed switches with PoE, VLAN segmentation for servers, workstations, printers, guests, and IoT. The base for everything else.

Cat 6a/7, VLAN, PoE

02 · INFRASTRUKTUR

WLAN coverage

Professional planning without dead zones: access-point placement, channel and power planning, separate guest network, SSIDs for staff and devices.

Access points & SSID

03 · SICHERHEIT

Firewall & VPN

Business firewalls with IDS/IPS, content filtering, VPN access for home office and field service. Documented rules instead of historically grown filters.

IDS, content filter, VPN

04 · REPORTING

Network documentation

IP plan, network diagram, credentials in a password manager. So the knowledge is not only in one person's head when it matters most.

IP plan, diagram

SERVERS, CLIENTS & LICENSING

Hardware and software evaluation with a lifecycle view

The right question is not "what is new" but "what fits actual usage, budget, and lifecycle".

01 · SERVER

Server evaluation

Physical on-premise vs. virtualised (Hyper-V, VMware) vs. cloud (Azure, Microsoft 365). Decision based on applications, data volume, availability requirement, and budget.

On-prem, virtual, cloud

02 · ARBEITSPLÄTZE

Client equipment

Laptops vs. desktops, performance tiers by role: standard office, CAD, development, reception. Unified models instead of 15 different device types.

Notebook & desktop

03 · MICROSOFT 365

OS & licensing

Windows Server, Windows 11 Pro, Microsoft 365, CAL structures. Licence audit to avoid over- and under-licensing.

Windows & M365

04 · WACHSTUM

Lifecycle management

Documented hardware lifecycle: purchase, warranty, planned replacement. Investments become plannable instead of a surprise in the annual budget.

Investment planning

Central file storage

Folder structure, permissions, and remote access

A clean central file storage is the prerequisite for everything else – backup, permissions, data protection, collaboration.

Implemented either as a file server (Windows Server with NTFS permissions) or as a NAS (Synology, QNAP) for smaller companies. Folder structure and rights are assigned role-based – not to individual users but to AD groups, so staff changes do not require rework.

Recovery of smaller mistakes (accidentally deleted or overwritten files) via Volume Shadow Copy / Previous Versions. Remote access via VPN or cloud sync with OneDrive for Business and SharePoint.

  • File server (Windows Server) or NAS (Synology/QNAP)
  • Role-based NTFS permissions via AD groups
  • Versioning via Volume Shadow Copy
  • Remote access via VPN or OneDrive/SharePoint
Backup following the 3-2-1 rule

Three copies, two media, one offsite

Many companies only discover after a data loss that their backup never worked. That has to be verified up front.

The 3-2-1 rule is the minimum standard: three copies of the data, on two different media, with one copy offsite (or in the cloud). Automated daily backups run without manual intervention. On request, cloud backup in a Swiss data centre for data-protection-compliant processing.

This includes a disaster recovery plan with defined RTO (how long may the outage last) and RPO (how much data loss is acceptable). Regular test restores are logged – without a tested restore, it is not a backup, just hope.

  • 3-2-1 rule: 3 copies, 2 media, 1 offsite
  • Automated daily backups with encryption
  • Cloud backup in a Swiss data centre possible
  • RTO and RPO defined, regular test restores
LOGINS, PASSWORDS & PERMISSIONS

Identity and access managed cleanly

The most common entry point for attacks is weak or shared passwords. Fixing that costs less than a single incident.

01 · SCHUTZ

Password policies

Central policy via GPO or Microsoft 365: minimum length, complexity, no forced monthly change (per current guidance). Instead, long passphrases and MFA.

GPO & M365

02 · SICHERHEIT

Password manager

KeePass, Bitwarden, or 1Password for staff and shared company credentials. Replacement for Excel lists, sticky notes, and knowledge islands at individual people.

KeePass, Bitwarden

03 · KOMPASS

Multi-factor (MFA)

MFA mandatory for critical systems: Microsoft 365, VPN, remote access, accounting, admin accounts. A leaked password then no longer becomes an automatic incident.

App or hardware token

04 · ORDNER

Least privilege & offboarding

Permissions on a least-privilege basis – only what the role actually needs. Clean deactivation on exit, including mail forwarding and file handover.

Least privilege

APPROACH

How consulting becomes an actionable decision framework

We separate analysis, prioritisation, and delivery on purpose.

  1. 01

    Assess the current state

    Systems, roles, risks, bottlenecks, and dependencies are mapped clearly. A focused walk through the business with open eyes.

  2. 02

    Set priorities

    We distinguish between critical (backup, security, single point of failure), useful soon (hardware lifecycle, monitoring), and nice-to-have later.

  3. 03

    Agree the roadmap

    You get a clear sequence with a rough effort estimate – instead of an overgrown wish list without budget awareness.

  4. 04

    Deliver where useful

    If it helps, we move straight into implementation instead of stopping at concept level. You can also use the roadmap alone and continue in-house.

RELATED TOPICS

Services that fit alongside IT consulting

Strategy only becomes effective when the operational building blocks behind it run cleanly – here are the key ones.

01 · SICHERHEIT

Cyber security for SMBs

MFA, conditional access, endpoint protection and pragmatic measures – feasible for small teams without an in-house security department.

Security

To topic
02 · SERVER

Server administration

Active Directory, group policies, patch management and monitoring – the operational base behind every strategy.

Windows Server & AD

View service
03 · CLOUD

Cloud solutions

Microsoft 365, Exchange Online, Teams and SharePoint – a modern workplace with clear licence and role logic.

Microsoft 365

Learn more
04 · RECOVERY

Backup & recovery

Backup concept with the 3-2-1 principle, restore tests and clear documentation – the most important lever in an emergency.

3-2-1 concept

Details
05 · NETZWERK

Network & WLAN

Structured LAN/WLAN, VLAN segmentation and a guest network – the basis for security and performance.

LAN & WLAN

To topic
06 · HELPDESK

IT support for SMBs

Ongoing helpdesk for users – remote or on site, with a fixed contact person.

Support

To support
FAQ

Frequently asked questions

Does IT consulting make sense for smaller businesses too?

Yes. Smaller businesses benefit the most from clear priorities, because wrong purchases and disconnected fixes become expensive quickly. Often half a day of consulting is enough to order investments for the next two years.

Do we have to renew all systems for a roadmap?

No. Usually the first step is to reduce risk and tidy the foundation (backup, patch state, permissions, documentation) – before larger investments in hardware or cloud migration make sense.

What is the difference between RTO and RPO?

RTO (Recovery Time Objective) is the maximum acceptable outage duration. RPO (Recovery Point Objective) is the maximum acceptable data loss – how old the latest backup data may be. Both need to be defined before the backup design can be sized.

What is the NCSC in a Swiss SME context?

The National Cyber Security Centre (NCSC, now BACS) is the Swiss reporting centre for cyber incidents. Its published reports consistently show that SMEs are affected at least as often as large companies – typically via phishing and hijacked M365 accounts.

We have no internal IT. Can Lightnet take over operations?

Yes, on request. Under a managed service we take on monitoring, patching, user administration, backup control, and first-level support. One point of contact instead of three different providers.

Can we use the consulting as a one-off without a recurring contract?

Yes. Consulting can be delivered as a one-off assessment with a roadmap. You then decide how to implement and operate – internally, with another provider, or with us.

Contact

Need clarity on what should actually come first in your IT setup?

We start with practical IT consulting that turns technical complexity into clear business decisions.

Request an IT assessment Call now