CYBER SECURITY SELF ASSESSMENT

1. Do you have a documented cybersecurity policy?
A cybersecurity policy for a business is a formal document that outlines the guidelines and procedures for ensuring the security of the company's digital assets. This policy serves as a framework for protecting the company's information, systems, and networks from cyber threats, and it helps employees understand their roles and responsibilities in maintaining cybersecurity.
   1. Yes
   2. No
   3. Not Sure

2. Are all employees trained in cybersecurity best practices?
   1. Yes, regularly
   2. Yes, but not regularly
   3. No

3. Do you conduct regular cybersecurity awareness programs?
A cybersecurity awareness program is a structured initiative within an organization aimed at educating employees and other stakeholders about cybersecurity threats, best practices, and their roles in maintaining a secure environment. The goal of such a program is to enhance the overall security posture of the organization by equipping everyone with the knowledge and skills necessary to recognize, avoid, and respond to cyber threats.
   1. Yes, quarterly
   2. Yes, annually
   3. No

4. Is your network protected by a firewall?
A network firewall is a security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Its primary function is to create a barrier between a trusted internal network and untrusted external networks, such as the internet, to prevent unauthorized access, data breaches, and cyberattacks.
   1. Yes
   2. No
   3. Not Sure

5. Do you regularly update your firewall and router firmware?
Router or firewall firmware is the software embedded in the router or firewall hardware that controls the device's basic functions and operations such as routing data, enforcing security policies, and managing network traffic.
   1. Yes
   2. No
   3. Not Sure

6. Do you use secure Wi-Fi for all business operations?
A secure Wi-Fi network is one that employs various security measures to protect the wireless network from unauthorized access, data breaches, and other cyber threats, such as WPA3/WPA2 encryption, a strong and unique password (complex, combining uppercase and lowercase letters, numbers, and special characters, and not easily guessable), and regularly updated Wi-Fi firmware.
   1. Yes
   2. No
   3. Not Sure

7. Do you have a data cloud backup strategy in place?
A data cloud backup is a service that enables the storage and protection of data by copying it from a local system or server to a remote server in the cloud. This process ensures that data is safely preserved offsite, allowing for recovery in case of data loss, hardware failure, or cyber attacks. Cloud backups are managed by third-party service providers, offering businesses and individuals a reliable way to secure their data with minimal hardware investment.
   1. Yes, daily
   2. Yes, weekly
   3. Yes but not on the cloud
   4. No
   5. Not Sure

8. Is sensitive data encrypted both in transit and at rest?
Backup data encryption in transit and at rest refers to the practice of securing backup data by encrypting it both while it is being transferred over a network (in transit) and while it is stored on a device or in the cloud (at rest). This ensures that sensitive information is protected from unauthorized access and breaches at all stages, whether during transmission or storage.
   1. Yes
   2. No
   3. Not Sure

9. Do all employees use strong, unique passwords for their accounts?
   1. Yes
   2. Some
   3. No
   4. Not Sure

10. Is multi-factor authentication (MFA/2FA) enabled for all critical systems?
Multi-Factor Authentication (MFA) is a security process that requires users to provide two or more forms of verification before they can access an account, system, or application.
MFA adds an extra layer of protection beyond just a password, making it much harder for unauthorized users to gain access, even if they have obtained the password. Such systems include SMS, push notifications, authenticators, auth keys, Key Pass, etc.
   1. Yes
   2. Yes on some
   3. No
   4. Not Sure

11. Do you have an email filtering service in place (other than inbuilt M365 or Google)?
An email filtering service is a cybersecurity tool designed to monitor and manage incoming and outgoing email traffic to protect users and organizations from threats such as spam, phishing, malware, and other malicious content.
   1. Yes
   2. No
   3. Not Sure

12. Do you have a web filtering service in place?
A web filtering service is a cybersecurity tool that controls and monitors the websites and web content that users within an organization can access. It helps protect against threats such as malware, phishing, and inappropriate content by blocking access to potentially harmful or non-business-related websites.
   1. Yes
   2. No
   3. Not Sure

13. Are employee accounts regularly reviewed and deactivated when no longer needed?
   1. Yes
   2. No
   3. Not Sure

14. Do you have an incident response plan for cybersecurity breaches?
An Incident Response Plan (IRP) for cybersecurity breaches is a well-defined, documented strategy that outlines the procedures an organization must follow in the event of a cybersecurity incident. The purpose of an IRP is to effectively manage and mitigate the impact of a breach, ensuring a swift and organized response to minimize damage, reduce recovery time, and maintain business continuity.
   1. Yes
   2. No

15. Are employees aware of how to report suspicious activity or potential security breaches?
   1. Yes
   2. No

16. Do you use a Next-Generation Cybersecurity System, such as EDR or XDR?
EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) are advanced cybersecurity systems designed to detect, investigate, and respond to threats across an organization's IT environment. They are both crucial in enhancing an organization's security posture by providing more sophisticated threat detection and response capabilities.
   1. Yes
   2. No
   3. Not Sure