Security Posture Self-Assessment

For each item, tick the best answer, fill out the quick form, and tick on "Assess Risk." You will immediately get your score and learn if you are at low, medium, high, or in imminent risk.

Answer options for each item: Yes / No / Unsure

Technology

- Each of our large sites is monitored with an Intrusion Detection System and SIEM.
- We have EDR/Threat Hunting agents on our endpoints and servers.
- We subscribe to Microsoft Defender for Office 365 (EOATP).
- We utilize an Intrusion Detection service or subscription for M365.
- We perform monthly external vulnerability scans of our network, annual internal scans, and quickly remediate any issues discovered.
- We utilize Next-Gen Antivirus (not just standard business antivirus).
- Our systems are restricted to only run "allowed" applications.
- We utilize honeypot/decoy technologies.
- Endpoints lock after 15 minutes of inactivity.
- All laptops utilize full-disk encryption.
- All laptops are enrolled in a Mobile Device Management system (MDM).
- We have a system in place that alerts us to Dark Web posts related to our org.
- Our staff are enrolled in a Security Awareness Training program that includes phishing email exercises, training videos, and quizzes.
- We maintain a UTM Firewall suite subscription.
- We utilize Web/DNS Content Filtering to block malicious websites and links.
- We block foreign country access on our firewall and Microsoft 365 / Google Workspace.
- Our WiFi is integrated with our central user Directory, and if not, the shared key is very long and is changed at least quarterly.
- Our central user Directory is reviewed quarterly for inactive accounts and admin-level access.
- Our computer and network passwords are required to be at least 14 characters.
- Multi-Factor Authentication is enforced for email / Microsoft 365 / Google Workspace access.
- Multi-Factor Authentication or VPN w/Certificate is enforced for remote access to all business systems.
- Hackers can't spoof our email due to locked-down SPF/DKIM/DMARC records AND email from external senders arrives with a banner warning the recipient.
- We utilize a message encryption subscription and process.
- All our backup systems are protected with their own, separate Multi-Factor Authentication systems.
- We have a 3rd party backup in place for Microsoft 365 / Google Workspace.
- We have Data Loss Prevention (DLP) in place to block confidential data leakage.
- Our staff are required to utilize business-owned computers for remote work.

Strategy & Processes

- We have a documented Security Strategy, and a named internal role is responsible for executing it, even if outsourcing much of the strategy and execution.
- We perform an annual Security Strategy review process / workshop, and our CEO participates during part of it.
- We have a clear understanding of our risk, the impacts of a serious breach, where our security gaps are, and have a roadmap timeline to close them.
- Our Security Strategy is based upon a nationally recognized framework, i.e. NIST CSF.
- We have a Compliance Mgmt Process and are confident we would pass an Audit.
- A person or team daily monitors the status of Backups, Patching, and Antivirus.
- We've had a 3rd party Vulnerability Assessment or PenTest performed in the past 18 months.
- We have a documented Cyber-Incident Response Process and review it annually.
- We have a comprehensive Disaster Recovery Plan (DRP) and test it annually.
- We have a documented Technology Termination Process and utilize it every time.
- In the last 3 years we have not had a known breach and/or paid a ransom.
- We have a recently upgraded Cybersecurity Insurance policy.
- We require all vendors with access to our systems and data to maintain a strong Security Posture, and we assess each of these vendors annually.
- We perform at least 10 hours of Security R&D every month.
- We utilize a 24/7 Security Operations Center (SOC) and have technologies in place that will auto-isolate compromised systems.

Please fill out your organization's info below, and your Account Manager or Peter Durand will reach out to give you insights into your security score.

- Your Name
- Company
- Email