1.
Does your organisation have a formal business or governance plan which includes managing cybersecurity?
2.
Does your organisation have any department for managing network security?
3.
Does your organisation have the technical capability to carry out network-wide inspections?
4.
Does your organisation enforce policies and procedures, including IT usage policies, complex password policies, and data security policies?
5.
Do you provide your employees with routine cybersecurity awareness training?
6.
Does your organisation have a secure and remote backup solution to protect against threats such as ransomware?
7.
Does your organisation have a breach incident response plan?
8.
How frequently are systems and data generally backed up in your organisation?
9.
Does your organisation complete regular and systematic reviews of log files and backup logs?
10.
How frequently are Cybersecurity Risk Assessments undertaken at your organisation?
11.
Does your organisation maintain an up-to-date computer and software asset list?
12.
Does your organisation regularly test the strength of your security protocols?
13.
Do all PCs and laptops owned by the business have anti-virus software installed with automatic updates, or with software patch management?
14.
Does your organisation use a hardware firewall for network security?
15.
Does your organisation use intrusion detection software on computers?
16.
Is multi-factor authentication enabled for your organisation's systems?
17.
Do your staff know how to safely identify and report phishing emails?
18.
Who has permission to install software within your organisation?
19.
How often do you use your work computer, laptop, tablet or mobile phone for non-work-related tasks such as online banking, watching YouTube, checking your personal email and/or social media such as Facebook?
20.
Is your organisation currently using any third-party IT service?