Cybersecurity Assessment Pre-Survey

4

A single business leader has been specified and owns the responsibility and accountability for cybersecurity in your organization.

A single business leader has been specified and owns the responsibility and accountability for cybersecurity in your organization. Yes No or not sure

5

Your organization conducts regular cybersecurity checkups and receives recommendations on improving its cybersecurity posture.

Your organization conducts regular cybersecurity checkups and receives recommendations on improving its cybersecurity posture. Yes No or not sure

6

There are written policies on how your employees are expected to use company technology devices and data.

There are written policies on how your employees are expected to use company technology devices and data. Yes No or not sure

7

There is a written plan of action should your company experience a breach or cybersecurity incident.

There is a written plan of action should your company experience a breach or cybersecurity incident. Yes No or not sure

8

At least once per year, you hire a "good" hacker to break into your systems and report on potential weaknesses to address.

At least once per year, you hire a "good" hacker to break into your systems and report on potential weaknesses to address. Yes No or not sure

9

You receive ongoing alerts about new cybersecurity threats, topics, and trends that may impact your organization.

You receive ongoing alerts about new cybersecurity threats, topics, and trends that may impact your organization. Yes No or not sure

10

Your employees/volunteers are regularly tested to see if they might click on bad links or open unknown files in suspicious emails.

Your employees/volunteers are regularly tested to see if they might click on bad links or open unknown files in suspicious emails. Yes No or not sure

11

Your employees receive ongoing, regular awareness training on cybersecurity safety, topics, and best practices.

Your employees receive ongoing, regular awareness training on cybersecurity safety, topics, and best practices. Yes No or not sure

12

You regularly monitor employee credentials to find out if they have been stolen, sold, or published on the Dark Web.

You regularly monitor employee credentials to find out if they have been stolen, sold, or published on the Dark Web. Yes No or not sure

13

Your public facing websites are routinely monitored for adware, malware, blacklisting and other vulnerabilities.

Your public facing websites are routinely monitored for adware, malware, blacklisting and other vulnerabilities. Yes No or not sure

14

Your organization’s network and devices are routinely scanned to find potential weaknesses and vulnerabilities.

Your organization’s network and devices are routinely scanned to find potential weaknesses and vulnerabilities. Yes No or not sure

15

Your organization has enabled and enforces MFA on all systems that allow for it

Your organization has enabled and enforces MFA on all systems that allow for it Yes No or not sure

16

You have backups for all important systems (email, files, databases, website)

You have backups for all important systems (email, files, databases, website) Yes Some but not all No or not sure

17

Have you recently performed a security review and data classification of your systems?

Have you recently performed a security review and data classification of your systems? Yes No or not sure

18

Are you currently utilizing advanced antivirus software?

Are you currently utilizing advanced antivirus software? Yes No or not sure

19

Does your organization monitor or have a way of detecting, preventing or responding to an attack or system failure?

Does your organization monitor or have a way of detecting, preventing or responding to an attack or system failure? Yes No or not sure

20

Does your organization perform risk assessments on its information and systems?

Does your organization perform risk assessments on its information and systems? Yes No or not sure

21

Does your organization have a process for disposing of private information within a reasonable amount of time, after it is no longer needed for business purposes?

Does your organization have a process for disposing of private information within a reasonable amount of time, after it is no longer needed for business purposes? Yes No or not sure

22

Does your organization's Incident Response Plan include protocols for notifying affected New York residents in the event of a breach?

Does your organization's Incident Response Plan include protocols for notifying affected New York residents in the event of a breach? Yes No or not sure Not applicable

23

Does your website mention your data privacy and collection policy? Do you use SSL or TLS certificates?

Does your website mention your data privacy and collection policy? Do you use SSL or TLS certificates? Yes our website mentions data privacy and collection policies Yes we have SSL or TLS certificates Yes to both No or not sure

24

If your organization is subject to regulations like HIPPA or PCI, do you have a compliance officer?

If your organization is subject to regulations like HIPPA or PCI, do you have a compliance officer?  Yes No or not sure Not subject to regulations

25

Does your organization have a way to send sensitive data securely/encrypted?

Does your organization have a way to send sensitive data securely/encrypted? Yes No or not sure

26

Does your organization have Cyber Liability Insurance?

Does your organization have Cyber Liability Insurance? Yes No or not sure

27

Are you using a Password Manager or SSO (Single Sign On)?

Are you using a Password Manager or SSO (Single Sign On)? Yes we use a Password Manager Yes we use Single Sign On Yes to both No or not sure

29

Consent

By selecting "Yes, I consent" below, I am consenting to provide RoundTable Technology with the information contained in this survey. This information is collected for the purpose of helping RoundTable professionals better understand your organization's cybersecurity needs. 

Consent Yes, I consent.