How secure is your business?
15 plain-English questions. No IT knowledge needed. Get your security grade and find out exactly where you're exposed — in under 5 minutes.
Under 5 minutes · Free · No login
Answer as honestly as possible — the more accurate your answers, the more useful your results.
Question 1 of 15
Do you use multi-factor authentication (MFA) on email and Microsoft 365?
💡 MFA blocks ~99% of account takeover attacks. If your email gets breached without MFA, attackers have access to everything — password resets, financial records, client data.
Question 2 of 15
Do you have endpoint protection (antivirus / EDR) on all company devices?
💡 Laptops and desktops are the most common entry point for ransomware and malware. Modern endpoint protection catches threats that traditional antivirus misses.
Question 3 of 15
Do you have a firewall protecting your network?
💡 A firewall is the first line of defence between your internal network and the internet. Without one, open ports and services are visible to anyone scanning the web.
Question 4 of 15
Do you use a password manager across your organisation?
💡 Reused or weak passwords are behind most credential breaches. A password manager means every account gets a unique, strong password — and you don't have to remember any of them.
Question 5 of 15
Are software updates applied automatically across your devices and systems?
💡 Unpatched software is the most exploited attack vector. Vulnerabilities are typically published the same week a patch ships — attackers scan for them immediately.
Question 6 of 15
Do your employees receive security awareness training?
💡 Phishing is the entry point for over 80% of breaches. Training employees to recognise suspicious emails and links is your cheapest and highest-ROI defence.
Question 7 of 15
Do you have a documented offboarding procedure when employees leave?
💡 Without a checklist, offboarding is inconsistent. Former employees may retain access to email, cloud storage, or internal tools — sometimes without anyone realising.
Question 8 of 15
Are user accounts disabled immediately when an employee leaves?
💡 Delayed account deactivation is a top cause of insider threats and account takeover. Every day an ex-employee account stays active is a day it can be exploited.
Question 9 of 15
Do you rotate passwords, or does your team use unique individual accounts (not shared)?
💡 Shared passwords can't be audited or individually revoked. If one person is compromised, every system using that shared password is immediately at risk.
Question 10 of 15
Do you have backups in place, and have you tested your ability to restore from them?
💡 Ransomware only works when you have no recovery path. An untested backup is not a backup — it's a hope. Businesses that recover from ransomware in hours have tested restore procedures.
Question 11 of 15
Do you use a VPN for remote access to company systems?
💡 Without a VPN, remote workers connect to internal systems over the public internet. This exposes your infrastructure to eavesdropping and man-in-the-middle attacks.
Question 12 of 15
Do you have an incident response plan in case you are breached?
💡 The first 30 minutes of a breach determine the outcome. Without a plan, businesses waste critical time figuring out who to call, what to shut down, and how to contain damage.
Question 13 of 15
Do you have cyber liability insurance?
💡 A mid-size breach costs $200K on average. Cyber insurance covers incident response, legal fees, and business interruption — often the difference between recovery and closure.
Question 14 of 15
Are administrator / elevated privileges limited to only the people who truly need them?
💡 Over-privileged accounts are an attacker's dream. If someone with admin rights gets compromised, the attacker immediately controls your entire environment — not just one account.
Question 15 of 15
Do you encrypt sensitive data at rest (stored) and in transit (transmitted)?
💡 Unencrypted data means a single stolen device or misconfigured cloud bucket hands attackers your most sensitive business and customer information — without needing any other access.