1. Have you had a Cyber Security Incident in the past year?
2. How many dedicated IT Security Professionals do you have on staff?
3. Is there a Cyber Security Employee Awareness Program in place?
4. Does your company have IT Security Policies in place?
5. Does your company have a strong Password Policy?
6. Are employees allowed to bring personal devices and join them to the company's network (BYOD, Bring Your Own Device)?
7. Has your company moved to a cloud-based office suite such as Office 365 or G Suite?
8. Does your company use MFA (Multi-Factor Authentication) to access Email?
9. Does your company use MFA to connect to the VPN?
10. Does your company have an Advanced Email Protection solution in place?
11. What is the current Anti-Virus (EDR) solution your company is using?
12. Is there a Patch Management Program in place to update your systems and servers?
13. Describe where your company stores system backups.
14. How does your company store and monitor system logs and alerts?
15. Are Corporate Networks segmented, separating Corporate Servers, Workstations, Wireless/Guest traffic?
16. Does your company still use legacy applications or systems that cannot be updated?
17. Does your company leverage a DNS Filtering tool for safe web-browsing?
18. Does your company have a Firewall UTM with Intrusion Detection and Prevention (IPS/IDS) in place?
19. Is your company following the email DNS standards (SPF, DKIM, and DMARC) for the prevention of domain spoofing and the improvement of the domain reputation?
20. Does your company rely on a Threat Intel solution to monitor the dark web and find possible data breaches, email compromises, credentials being sold, etc.?
21. Has your company had a 3rd-party IT Security Assessment performed (i.e. Vulnerability Assessment or Penetration Test)?