Welcome
No technical jargon. Just simple questions to help you stay safe. Let's get started!
19 Questions
1. Have you conducted a recent risk assessment?
This involves a formal review of your systems, data, and processes to identify potential vulnerabilities. A "recent" assessment typically refers to one completed within the last 12 months to ensure your defenses keep pace with new threats.
Yes
No
2. Are all hardware and software components regularly updated?
Keeping systems current ensures that "patches" are applied to fix known security flaws. This includes everything from operating systems (Windows/macOS) and mobile apps to hardware "firmware" for routers and printers.
Yes
No
3. Are there firewalls in place to protect your network?
Firewalls act as a digital barrier between your internal network and the outside internet. They inspect incoming and outgoing traffic and block anything that does not match a set of security rules, so unauthorized connections and malicious data packets are dropped before they reach your systems. A good rule set also limits outbound traffic, not just inbound, and denies anything it has not been explicitly told to allow.
Yes
No
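As an added illustration of what a firewall actually does with its rule list (this is example code written for this page, not part of the questionnaire or any product), the script below evaluates constructed packets against an ordered set of rules, first match wins, and anything unmatched is denied. The addresses, ports and rules are made up for the demonstration.

```python
"""Added example (not part of the questionnaire): a minimal rule-based packet
filter showing how a firewall turns an ordered rule list into allow/deny
decisions. All addresses, rules and packets below are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the internet) or "out" (to the internet)
    proto: str       # "tcp" or "udp"
    src: str         # source IP address
    dst: str         # destination IP address
    dport: int       # destination port


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    direction: str     # "in", "out" or "any"
    proto: str         # "tcp", "udp" or "any"
    src_net: str       # CIDR block the source address must fall inside
    dports: frozenset  # permitted destination ports; empty means any port

    def matches(self, pkt: Packet) -> bool:
        if self.direction != "any" and self.direction != pkt.direction:
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        return not self.dports or pkt.dport in self.dports


# Constructed rule set. Order matters: the first matching rule decides.
RULES = [
    Rule("allow", "in",  "tcp", "0.0.0.0/0",  frozenset({443})),      # public HTTPS
    Rule("allow", "in",  "tcp", "10.0.0.0/8", frozenset({22})),       # SSH only from the office LAN
    Rule("deny",  "in",  "any", "0.0.0.0/0",  frozenset()),           # everything else inbound
    Rule("allow", "out", "tcp", "10.0.0.0/8", frozenset({80, 443})),  # staff web browsing
    Rule("allow", "out", "udp", "10.0.0.0/8", frozenset({53})),       # DNS lookups
    Rule("deny",  "out", "any", "0.0.0.0/0",  frozenset()),           # block all other outbound traffic
]


def decide(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule; deny if nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # default-deny: unmatched traffic is never silently allowed


# Constructed sample traffic (203.0.113.x and 198.51.100.x are documentation ranges).
SAMPLE = {
    "customer_https": Packet("in",  "tcp", "203.0.113.7", "10.0.1.5",     443),
    "internet_ssh":   Packet("in",  "tcp", "203.0.113.7", "10.0.1.5",     22),
    "office_ssh":     Packet("in",  "tcp", "10.0.2.9",    "10.0.1.5",     22),
    "staff_web":      Packet("out", "tcp", "10.0.2.9",    "198.51.100.4", 443),
    "odd_egress":     Packet("out", "tcp", "10.0.2.9",    "198.51.100.4", 4444),
}


def evaluate_samples() -> dict:
    """Decide every sample packet; returns {name: "allow" | "deny"}."""
    return {name: decide(pkt) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:15s} -> {verdict}")
```

The last sample ("odd_egress", an outbound connection to an unusual port) is the kind of traffic a compromised workstation generates; it is blocked only because the rule set restricts outbound traffic and ends in a deny. A firewall that allows all outbound traffic would pass it.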
4. Is antivirus software installed and regularly updated?
Antivirus software detects, neutralizes, and removes malicious software like viruses, ransomware, and spyware. Regular updates (often daily) are essential so the software can recognize the latest "signatures" of new threats as they emerge.
Yes
No
5. Are employees trained on cyber security best practices?
Human error is a leading cause of security breaches. This training ensures that staff can recognize phishing attempts, practice safe password management, and understand their role in protecting sensitive company data.
Yes
No
6. Is there a policy for managing passwords and authentication?
This refers to a standard set of rules requiring strong, unique passwords (changed whenever compromise is suspected), a safe way to store them such as a password manager, and the use of Multi-Factor Authentication (MFA). A strong policy ensures that a stolen or guessed password on its own is not enough to gain unauthorized access to your systems.
Yes
No
7. Are sensitive data encrypted both in transit and at rest?
Encryption scrambles your data so that it cannot be read without the correct key. "In transit" refers to data moving across a network, such as website connections, email, or file transfers, while "at rest" refers to data stored on hard drives, servers, laptops, backup media, or cloud storage.
Yes
No
8. Is there an incident response plan in place?
An incident response plan is a documented "playbook" that outlines exactly what steps your team should take if a breach occurs. It ensures a fast, organized reaction to contain the threat, minimize data loss, and restore normal operations as quickly as possible.
Yes
No
9. Are access controls implemented to limit user access to sensitive data?
This follows the "principle of least privilege," ensuring employees only have access to the specific files and systems necessary for their job. Restricting permissions prevents sensitive data from being accidentally or intentionally accessed, altered, or deleted by unauthorized users.
Yes
No
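To make the principle of least privilege concrete, here is an added example (written for this page, not taken from the questionnaire or any product) of a small access check: users get permissions only through roles, every request is denied unless a role explicitly grants it, and a review function compares what each account can do against what it actually used, which is how over-privileged accounts are found in practice. All users, roles, resources and the access log are constructed.

```python
"""Added example (not part of the questionnaire): default-deny, role-based
access control plus a least-privilege review that flags granted permissions
an account never used. Users, roles, resources and the log are constructed."""

# Role -> {resource: set of permitted actions}. Anything not listed is denied.
ROLES = {
    "accountant": {"payroll": {"read", "write"}, "invoices": {"read", "write"}},
    "hr":         {"payroll": {"read"}, "employee_records": {"read", "write"}},
    "engineer":   {"source_code": {"read", "write"}, "build_logs": {"read"}},
    "helpdesk":   {"tickets": {"read", "write"}},
}

# User -> roles held. Constructed sample accounts.
USERS = {
    "alice": {"accountant"},
    "bob":   {"engineer"},
    "carol": {"hr"},
    "dave":  {"helpdesk", "engineer"},  # moved from engineering to helpdesk, old role never removed
}

# Constructed 90-day access log of (user, action, resource) actually performed.
USAGE_LOG = [
    ("alice", "read", "payroll"), ("alice", "write", "payroll"), ("alice", "read", "invoices"),
    ("bob", "read", "source_code"), ("bob", "write", "source_code"),
    ("carol", "read", "employee_records"), ("carol", "write", "employee_records"),
    ("dave", "read", "tickets"), ("dave", "write", "tickets"),
]


def is_allowed(user: str, action: str, resource: str) -> bool:
    """Default deny: allow only if some role held by the user grants the action."""
    for role in USERS.get(user, set()):
        if action in ROLES.get(role, {}).get(resource, set()):
            return True
    return False


def who_can(action: str, resource: str) -> list:
    """Review helper: every account able to perform an action on a resource."""
    return sorted(u for u in USERS if is_allowed(u, action, resource))


def granted(user: str) -> set:
    """All (action, resource) pairs a user holds through their roles."""
    perms = set()
    for role in USERS.get(user, set()):
        for resource, actions in ROLES.get(role, {}).items():
            perms.update((a, resource) for a in actions)
    return perms


def unused_grants(user: str, log=USAGE_LOG) -> list:
    """Least-privilege review: permissions granted but never exercised in the log.
    These are candidates for removal; each one is access an attacker could use
    if the account were compromised, with no business need behind it."""
    used = {(a, r) for u, a, r in log if u == user}
    return sorted(granted(user) - used)


if __name__ == "__main__":
    print("can read payroll:", who_can("read", "payroll"))
    for user in USERS:
        print(f"{user}: unused grants -> {unused_grants(user)}")
```

Running the review shows that "dave" still holds full source-code access from a previous role he no longer uses; removing that role is exactly the kind of clean-up a least-privilege policy requires.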
10. Are third-party vendors assessed for security risks?
Your security is only as strong as your weakest partner. This involves vetting outside contractors, software providers, or cloud services to ensure they follow strict security standards, preventing a breach in their system from impacting yours.
Yes
No
11. Is there a data backup and recovery plan?
This ensures that copies of your critical information are stored securely and can be restored quickly following a system failure, ransomware attack, or accidental deletion. A robust plan includes regular testing to confirm that your backups actually work when you need them.
Yes
No
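The "regular testing" part is the step most often skipped, so here is an added example (written for this page, not part of the questionnaire or any backup product) of what a restore test looks like in code: back up a folder with a checksum manifest, then re-verify the copies and restore them into a scratch directory, which catches a backup that has been corrupted, encrypted by ransomware, or partially deleted before you need it. It uses only the Python standard library; all file names and contents are constructed.

```python
"""Added example (not part of the questionnaire): a backup with a SHA-256
manifest and the restore test that proves the backup is actually usable.
Standard library only; all sample files and damage are constructed."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, dest: Path) -> dict:
    """Copy every file under src into dest and record each copy's SHA-256."""
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest[rel] = sha256_file(target)  # hash the copy, not the source
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(dest: Path) -> list:
    """Restore test, part 1: re-hash every backed-up file against the manifest.
    Returns [(relative_path, problem)] and is empty when the backup is intact."""
    manifest = json.loads((dest / MANIFEST).read_text())
    problems = []
    for rel, digest in manifest.items():
        path = dest / rel
        if not path.is_file():
            problems.append((rel, "missing"))
        elif sha256_file(path) != digest:
            problems.append((rel, "checksum mismatch"))
    return problems


def restore_test(dest: Path) -> list:
    """Restore test, part 2: restore into a scratch directory and check the
    result against the manifest. Returns the files that could not be restored
    correctly; an empty list means the backup can be relied on."""
    scratch = Path(tempfile.mkdtemp(prefix="restore-test-"))
    try:
        manifest = json.loads((dest / MANIFEST).read_text())
        for rel in manifest:
            if (dest / rel).is_file():
                (scratch / rel).parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(dest / rel, scratch / rel)
        return [rel for rel, digest in manifest.items()
                if not (scratch / rel).is_file() or sha256_file(scratch / rel) != digest]
    finally:
        shutil.rmtree(scratch)


def demo() -> dict:
    """Build constructed data, back it up, then simulate ransomware overwriting
    one backup file and someone deleting another, and run both checks."""
    root = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    try:
        src, dest = root / "data", root / "backup"
        src.mkdir()
        dest.mkdir()
        (src / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        (src / "config.ini").write_text("[db]\nhost=localhost\n")
        (src / "notes").mkdir()
        (src / "notes" / "todo.txt").write_text("renew certificates\n")
        make_backup(src, dest)
        clean = verify_backup(dest)
        (dest / "ledger.csv").write_bytes(b"\x00ENCRYPTED\x00")  # simulated ransomware damage
        (dest / "config.ini").unlink()                           # simulated accidental deletion
        return {"clean": clean, "after_damage": verify_backup(dest), "restore": restore_test(dest)}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for stage, result in demo().items():
        print(f"{stage}: {result}")
```

The manifest is hashed from the copies rather than the originals, so a copy that was silently truncated during the backup is caught by the very first verification, not months later during a real recovery. In a real deployment the manifest and backups should be kept where a compromised machine cannot modify them, otherwise ransomware can overwrite both together.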
12. Are there regular security audits conducted?
Unlike a self-assessment, an audit is a systematic evaluation of your security controls—often by an independent party. This ensures that your policies are actually being followed in practice and that your technical defenses are functioning as intended.
Yes
No
13. Are physical security measures in place to protect hardware?
Cybersecurity isn't just digital. This refers to protecting the physical environment where your data lives, such as using locked server rooms, security cameras, badge-entry systems, and cable locks to prevent the theft of servers, laptops, or backup drives.
Yes
No
14. Is there a clear communication plan for security breaches?
If a breach occurs, you must know who to notify and when. This plan outlines how you will inform employees, customers, legal authorities, and the public, ensuring your messaging is transparent and meets legal notification requirements.
Yes
No
15. Have you assessed your organization’s compliance with relevant regulations?
This involves checking whether your security practices meet the legal and contractual requirements of your industry or region (such as GDPR for privacy, HIPAA for healthcare, or PCI DSS for credit card payments). Failing to comply can result in heavy fines and legal action.
Yes
No
Additional Comments or Concerns:
Full Name (First Name, Last Name)
Email Address
Phone Number