Alert Carnival Corporation — 8.7M records stolen April 2026. Entry point: one phished employee account.
Turku · Southwest Finland · Est. 2026

Cybersecurity
for maritime
and industrial
businesses.

Finland's Cybersecurity Act is in force. Your partners and insurers are starting to ask questions. E.A. Sode Consulting provides straightforward security auditing for SMEs in Turku and the surrounding region.

Book an assessment → See what's included
/ 01 — Services

Three levels of assessment

From a fast external check to a full NIS2 compliance package. Every engagement produces a written report you can act on — or show to a client, insurer, or regulator.

TIER — 01
Introductory rate

External reconnaissance report

A one-day check of everything visible about your business from the outside. Plain-language PDF within the week.

  • Email security (SPF, DKIM, DMARC)
  • SSL/TLS certificate health
  • Open ports and exposed services
  • Leaked credentials check
  • DNS and subdomain exposure
500€ 800€
TIER — 02

Internal + external audit

Thorough review of your internal and external posture, mapped to NIS2 Article 21 controls. Produces a risk register your management can sign off on.

  • Everything in Tier 1
  • Internal network segmentation
  • Active Directory / Entra ID hygiene
  • Patch levels and endpoint protection
  • Backup verification
  • NIS2 Article 21 gap analysis
2500€
TIER — 03

Full NIS2 compliance package

Everything in Tier 2 plus we write the documents the law requires — so you're not just assessed, you're ready.

  • Risk management model
  • Incident response SOP
  • 24h / 72h / 30-day reporting ladder
  • Asset inventory
  • Supplier security requirements
  • Board-level briefing document
Quoted per engagement
/ 02 — Why now

The window to act
is open

8.7M
Records stolen from Carnival Corporation, April 2026. Cause: one phished employee account.
10M
Maximum fine under Finland's Cybersecurity Act for non-compliant essential entities.
NIS2
In force since April 2025. Risk management procedures were required by July 2025.

The Carnival breach is instructive because it wasn't exotic. A single compromised account was enough. The same vector works against a 20-person maritime supplier as it does against a global cruise line.

For businesses in Finland's maritime sector, the timing is pointed. The Cybersecurity Act is in force, larger partners are beginning to push security requirements down their supply chains, and cyber insurers are tightening underwriting requirements.

Most SMEs don't have a security team. That's not a failure — it's the reality. What matters is knowing where you stand, fixing the fixable issues, and having documentation that demonstrates you take this seriously.

/ 03 — Process

From first contact
to final report

A Tier 1 assessment can begin within days of your first email. No lengthy procurement, no surprises.

01

Short call

30 minutes to understand your setup and confirm which tier fits. No obligation.

02

Scoping

Scope, timeline, and price agreed in writing before anything begins.

03

Assessment

One day on-site or remote. No disruption to your operations.

04

Report delivered

Plain-language PDF within the week. We walk through findings on a call.

/ 04 — Contact

Start with a
conversation

Not sure if you're in NIS2 scope, or want to understand what an assessment involves? Send a message. No sales pitch.

Based Turku, Finland
Email [email protected]
Y-tunnus 36141227

The fastest way to get started is a direct email. Explain your situation briefly — even "I'm not sure if this applies to us" is enough to go on.

Email [email protected]

Typical response within one business day.