Cybersecurity Self Assessment
NOTE: This Cybersecurity Self Assessment was created and provided by Core Business Solutions (https://www.thecoresolution.com/)
Essential Best Practices for Protecting Small Business
All small businesses face the risk of a cyber-attack that can disrupt or devastate
their organizations. However, not
many small businesses have a clear understanding of what is needed for cybersecurity
protection from today’s
threats and where they stand in being prepared.
Cybersecurity is not just a technical problem that can be handed to your IT resources
to be dealt with. It requires
an all-in approach involving top management, IT staff, cybersecurity experts and every
employee. It is important
to understand everyone’s responsibilities, resources needed, and technologies involved
to establish a solid
approach to protecting your business from cyber-attacks.
Instructions
This self-assessment tool is intended to help senior leaders to get a handle on how
their organization stacks up
against today’s small business best practices.
It is organized into three focus areas: 1. Cybersecurity Management, 2. Cybersecurity
Expertise, 3.
Cybersecurity Technologies. Questions with a “No” or “Don’t Know” response represent
a weakness in your
cyber defenses and a potential threat to your business. It is advised that top management
oversees the closure
of these gaps as soon as practical to secure your business.
| Part 1: Cybersecurity Management Use the questions below to determine the responsibilities of senior management |
YES | NO | Don't Know |
| Do you regularly communicate the importance of cybersecurity to all employees? | |||
| Do you have regular training for all employees on cybersecurity? Does it include phising tests? | |||
| Do you have documented policies and procedures for cybersecurity? | |||
| Do you have a dedicated budget for cybersecurity? | |||
| Do you maintain an ongoing list of improvements for cybersecurity? | |||
| Do you have an independent 3rd party regularly conduct a gap assessment of your cybersecurity? | |||
| Do you have cybersecurity metrics that are reviewed at the executive level? | |||
| Do you have a cybersecurity plan in place for remote workers? | |||
| Do you have a cybersecurity insurance policy or breach insurance policy? | |||
| Are you confident your business could resist/survive a cyberattack within the next 12 months? |
| Part 2: Cybersecurity Expertise Use the questions below to evaluate your person resources focused on cybersecurity |
YES | NO | Don't Know |
| Do you have a cybersecurity expert (3rd party or in-house) separate from your IT team/resource? | |||
| Does your cybersecurity expert monitor, report and take action on potential incidents or suspicious activity? | |||
| Do you have someone who regularly evaluates and reports on new, external cybersecurity threats to your business? | |||
| Does your cybersecurity expert(s) have a CISSP, Comp TIA Security+, or other advanced cybersecurity certiification? | |||
| If using a 3rd party managed service provider (MSP), have you reviewed the Servlce Level Agreement (SLA) to ensure all services are being provided? |
| Part 3: Cybersecurity Technologies Use the questions below to review your cybersecurity technologies. You may wish to review this list with your IT resources |
YES | NO | Don't Know |
| Do you have a business class firewall that is monitored and updated regularly? | |||
| Do you have a daily, encrypted, off-site back-up of your critical data and is restoration regularly tested? | |||
| Do you have multifactor authentication (MFA) activated for all applications where it is available? | |||
| Do you have a password management application in use, such as Last Pass or 1Password? | |||
| Do you conduct regularly scheduled internal and external vulnerability scans? | |||
| Do you have a patch management solution (RMM) in place? | |||
| Do you have antivirus and endpoint detection and response (EDR) applications for all devices and are they updated regularly? | |||
| Are device and system logs turned on and monitored 24x7 with a security information and event management (SIEM) system or equivalent? | |||
| Do you have a web filtering application in place? | |||
| Do you have a mobile device management (MDM) application for all mobile devices? |
Your Results
23-25 marked with “Yes”: You’re on the right path.
18-22 marked with “Yes”: You have several critical vulnerabilities that should be
addressed ASAP.
Less than 18 marked with “Yes”: Your cybersecurity efforts are not effective, and
your business is highly vulnerable
to a cyber-attack.
Questions?
This Cybersecurity Self Assessment was created and provided by Core Business Solutions (https://www.thecoresolution.com/) Contact Core Business Solutions with questions or contact MMEC (jenniwest@montana.edu) for additional cybersecurity information and support.
