FREE CYBER SECURITY RISK ASSESSMENT

How well are you and your employees informed about cyber security, hazards and data breaches? Take the test below in the following technical areas to find the final risk score.

Mitigation strategies to prevent malware delivery and execution

Employees take proper steps to safeguard the business against a growing threat. Find out how aware they are in the listed areas.

SECURITY

Do you only allow approved/trusted programs in your environment to prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers?

No
Not Sure
Yes

UPDATES

Do you perform regular patching and updating of applications in your system? This includes, but is not limited to, Microsoft Office, PDF readers, Java, Flash and Web Browsers.

No
Not Sure
Yes

SETTINGS

Are Microsoft Office macro settings configured to block macros from the Internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate?

No
Not Sure
Yes

APPLICATION HARDENING

Do you conduct user application hardening, such as configuring web browsers to block Flash (ideally uninstall it), ads and Java on the Internet? This also includes disabling unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.

No
Not Sure
Yes

Mitigation strategies to limit the extent of cyber security incidents

All software programs, computer devices and servers have their security requirements to limit cyber security issues. What’s your score?

ADMIN ACCESS

Are all administrative privileges restricted to operating systems and applications based on user duties including revalidating the need for privileges?

No
Not Sure
Yes

SOFTWARE PATCHES

Do you patch/mitigate computer operating systems (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours, including only using the latest operating system version?

No
Not Sure
Yes

AUTHENTICATION

Do you use multi-factor authentication including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository?

No
Not Sure
Yes

Mitigation strategies to recover data and system availability

With the rise of mobile devices like laptops, smartphones and tablets, there has been a sharp increase in data being lost or stolen. What safety measures are you taking against that?

BACKUPS

Do you have daily backups of important new/changed data, software and configuration settings, stored disconnected and retained for at least three months, and do you regularly test restoration?

No
Not Sure
Yes

FIREWALLS

Do you use an enterprise grade firewall with intrusion detection and prevention options enabled and reporting of suspicious traffic?

No
Not Sure
Yes

ENDPOINT PROTECTION

Do endpoints have adequate antivirus and antimalware protection in place, including conditional access for remote/mobile users based on endpoint status?

No
Not Sure
Yes

EMAIL PROTECTION

Do you block insecure protocols (like IMAP/POP3) and use DMARC/DKIM/SPF records to minimise spam?

No
Not Sure
Yes

DATA ENCRYPTION

Are critical files at rest and in motion encrypted, including sensitive emails?

No
Not Sure
Yes

SECURITY ASSESSMENT

Do you conduct an annual security assessment and review applicable security policies?

No
Not Sure
Yes

MOBILE DEVICE SECURITY

Are mobile devices securely managed and controlled, including keeping corporate data separate from personal data?

No
Not Sure
Yes

SECURITY AWARENESS TRAINING

Do you conduct security awareness training with regular testing and include cybersecurity in your employee onboarding?

No
Not Sure
Yes

SIEM/LOG MANAGEMENT

Are logs across all devices collected and monitored to detect potential threats and attacks or malicious or unusual behaviour within your network?

No
Not Sure
Yes

CYBER INSURANCE

Do you have an up-to-date cyber insurance policy that has been assessed and vetted for your typical industry security scenarios?

No
Not Sure
Yes