1) Does any of the following apply to your company’s password policy? (Check all that apply)

Use Strong Passwords
Periodically change all passwords
Do not share the master password
None of the above

2) Do your employees use office computers to access social networks for personal reasons?

Yes
No

3) Do your employees connect and use Live Chat systems on ANY social platform using office systems (for work or pleasure)?

Yes
No

4) Do the systems accessing your company network have any of the following operating systems? (Check all that apply)

Windows NT
Windows 2000/2003
Windows XP
Windows 95/98/98SE/ME
None of the above

5) Is all your software kept updated, and your IT department alerted about outdated software present on your network?

Yes
No

6) Check all that apply to your company’s backup policy:

Incremental backups are taken daily
Servers and workstations are fully backed up once a week
Backups are stored offsite
Backups are encrypted and password protected
None of the above

7) How many employees have access to important company and financial data?

1
2 - 3
4 - 10
More
Only those who access the data as part of their job functions.

8) Do your employees have full access to multiple data systems on your company network?

Yes
No
Limited access to specific data systems, only when their job requires it

9) Check all that apply to your company’s WiFi network below:

Secure, with password protection
Encrypted
Hidden
None of the above

10) Do employees download and use their own software on company office systems?

Yes
No

11) What type of firewall does your company have?

Perimeter Network Firewall
Local device (computing and/or mobile device) firewall
Both
None

12) Which of the following methods do you use to protect highly sensitive data from hackers or prying eyes? (Check all that apply)

Strong Passwords
File Permissions
Encryption

13) Do your employees connect to your company’s network using a range of computing and mobile devices?

Yes
No

14) Do your employees connect to your company’s network using their personal computing and mobile devices?

Yes
No

15) How many employees have access to important company and financial data through their personal computing and / or mobile devices?

1
2 - 3
4 - 10
More
Only those who access the data as part of their job functions.

16) Do you have a Cyber Security policy in place?

Yes
No

17) How do you communicate updates in your cyber security policies to your employees? (Check all that apply)

Through documentation
E-mail
In-person meetings
None of the above

18) Are your employees periodically trained on security requirements related to their job functions?

Yes
No

19) Do you have a dedicated IT Security Person / Team?

Yes
We have an employee managing IT Security, but not as a primary responsibility
Our IT Security function is outsourced to an external contractor
No

20) Do you have auditing in place for important and sensitive data?

Yes
No

21) What types of software are used by your company for your daily business activities? What type of support do you have for them? (Check all that apply)

Licensed proprietary software with full technical support from the vendor
Free / limited version software with limited or no support from the vendor
Open Source software with support available from forums, etc.
Custom made third-party software with service level agreements in place with the vendor
Unlicensed Software

22) Does your company have a policy that manages the use of open source software within your network?

Yes
No

23) Does your company use proprietary software hosted externally with access to sensitive company data?

Yes
No

24) How many levels of authentication (security question, registered email address, etc) does your password retrieval process have?

1
2
More than 2

25) Do your employees regularly connect to external WiFi networks such as home networks, airports, café, etc?

Yes
No

26) How do you ensure that you keep your security software up to date? (Check all that apply)

Automatic Updates
Regular checks by the IT team, alerts on outdated software
Regular patch management programs

27) Are the use of removable media such as USB drives, CDs, DVDs, etc. restricted within your company network?

Yes
No

28) Are your payments system secure and comply with the latest payment system security requirements?

Yes
No

29) Are IT and Security policies in your company periodically reviewed, updated and communicated to the employees?

Yes
No

30) Do you have appropriate Disaster Recovery Plans and Risk Management Plans in place with regards to IT security?

Yes
No