Do you have antivirus or endpoint protection on all work devices?
Do you regularly update your software and operating systems?
Do employees use unique passwords for each system/service?
Is multi-factor authentication (MFA) enabled for logins?
Are regular data backups performed and verified?
Where are backups stored?
Do you have an Acceptable Use Policy in place?
Is cybersecurity training conducted for employees?
Do you have a dedicated IT resource or service?
Are there restrictions on personal devices (BYOD)?
Is sensitive data encrypted at rest and in transit?
Are admin accounts separate from user accounts?
Do you have a written incident response plan?
Have you identified your critical assets and systems?
Is physical access to servers or sensitive hardware restricted?
Do you use a password manager or credential vault?
Are email filters and spam protections in place?
Do you log and monitor network activity?
Have you tested your data recovery procedures?
Is someone responsible for managing cybersecurity?