Cybersecurity Risk Assessment

IDENTIFY

1.1 Do you know what sensitive data your business holds?
1.2 How often do you review the technology and digital tools used in your business?
1.3 Are you aware of the legal requirements for data protection in your industry?
1.4 Have you identified which external parties have access to your sensitive data (like vendors or partners)?
1.5 Do you understand the potential cybersecurity risks related to your industry?
1.6 Does your business have a cybersecurity insurance policy?

PROTECT

2.1 Do you use antivirus or anti-malware software?
2.2 How do you manage access to your systems and data?
2.3 Do you have a firewall or network security tools in place?
2.4 Are your employees required to use strong, unique passwords for all business accounts?
2.5 Do you regularly audit your IT security measures?
2.6 Is your Wi-Fi network secure and encrypted?

DETECT

3.1 How do you detect unauthorized access or anomalies in your systems?
3.2 Are your employees trained to identify common cyber threats (like phishing emails)?
3.3 Do you have a process for regularly updating software and systems?
3.4 Are there procedures to ensure mobile devices (phones, tablets) used for business are secure?
3.5 Do you keep logs of systems and network activity?
3.6 How often do you conduct vulnerability assessments of your IT systems?

RESPOND

4.1 Do you have a plan for what to do in case of a data breach?
4.2 In case of a breach, who would be responsible for managing the response?
4.3 How quickly can you identify and contain a breach?
4.4 Are your employees trained on how to respond to cybersecurity incidents?
4.5 Do you have external support (e.g., cybersecurity firm) for incident response?
4.6 Is there a protocol for preserving evidence after a cyber incident?

RECOVER

5.1 Do you have backups of critical data?
5.2 In the event of data loss, how quickly can you restore your systems?
5.3 Do you have a plan to communicate with stakeholders (customers, employees) after a security incident?
5.4 Do you conduct regular drills or simulations for recovery procedures?
5.5 Is there a plan for maintaining business operations during a cyber incident?
5.6 How do you ensure that data recovered after an incident is safe and uncorrupted?