1. Does your organization have a formal business or governance plan that includes managing cybersecurity?
2.
Does your organization have any department for managing network security?
3. Does your organization have the technical capability to perform network-wide inspections?
4. Does your organization enforce policies and procedures, including IT usage policies, complex password policies, and data security policies?
5. Do you provide your employees with routine cybersecurity awareness training?
6. Does your organization have a secure and remote backup solution to protect against threats such as ransomware?
7. Does your organization have a breach incident response plan?
8. How frequently are systems and data generally backed up in your organization?
9. Does your organization complete regular and systematic reviews of log files and backup logs?
10. How frequently are cybersecurity risk assessments undertaken at your organization?
11. Does your organization maintain an up-to-date computer and software asset list?
12. Does your organization regularly test the strength of your security protocols?
13. Do all PCs and laptops owned by the business have anti-virus software installed with automatic updates, or with software patch management?
14. Does your organization use a hardware firewall for network security?
15. Does your organization use intrusion detection software on computers?
16. Is multi-factor authentication enabled for your organization's systems?
17. Do your staff know how to safely identify and report phishing emails?
18. Who has permission to install software within your organization?
19. How often do you use your work computer, laptop, tablet or mobile phone for non-work-related tasks such as online banking, watching YouTube, checking your personal email and/or social media such as Facebook?
20. Is your organization currently using any third-party IT service?