Survey
4
A single business leader has been specified and owns the responsibility and accountability for cybersecurity in your organization.
Yes
No or not sure
5
Your organization conducts regular cybersecurity checkups and receives recommendations on improving its cybersecurity posture.
Yes
No or not sure
6
There are written policies on how your employees are expected to use company technology devices and data.
Yes
No or not sure
7
There is a written plan of action should your company experience a breach or cybersecurity incident.
Yes
No or not sure
8
At least once per year, you hire a "good" hacker to break into your systems and report on potential weaknesses to address.
Yes
No or not sure
9
You receive ongoing alerts about new cybersecurity threats, topics, and trends that may impact your organization.
Yes
No or not sure
10
Your employees/volunteers are regularly tested to see if they might click on bad links or open unknown files in suspicious emails.
Yes
No or not sure
11
Your employees receive ongoing, regular awareness training on cybersecurity safety, topics, and best practices.
Yes
No or not sure
12
You regularly monitor employee credentials to find out if they have been stolen, sold, or published on the Dark Web.
Yes
No or not sure
13
Your public-facing websites are routinely monitored for adware, malware, blacklisting, and other vulnerabilities.
Yes
No or not sure
14
Your organization’s network and devices are routinely scanned to find potential weaknesses and vulnerabilities.
Yes
No or not sure
15
Your organization has enabled and enforces MFA on all systems that allow for it.
Yes
No or not sure
16
You have backups for all important systems (email, files, databases, website).
Yes
Some but not all
No or not sure
17
Have you recently performed a security review and data classification of your systems?
Yes
No or not sure
18
Are you currently utilizing advanced antivirus software?
Yes
No or not sure
19
Does your organization monitor or have a way of detecting, preventing or responding to an attack or system failure?
Yes
No or not sure
20
Does your organization perform risk assessments on its information and systems?
Yes
No or not sure
21
Does your organization have a process for disposing of private information within a reasonable amount of time after it is no longer needed for business purposes?
Yes
No or not sure
22
Does your organization's Incident Response Plan include protocols for notifying affected New York residents in the event of a breach?
Yes
No or not sure
Not applicable
23
Does your website mention your data privacy and collection policy? Do you use SSL or TLS certificates?
Yes, our website mentions data privacy and collection policies
Yes, we have SSL or TLS certificates
Yes to both
No or not sure
24
If your organization is subject to regulations like HIPAA or PCI, do you have a compliance officer?
Yes
No or not sure
Not subject to regulations
25
Does your organization have a way to send sensitive data securely/encrypted?
Yes
No or not sure
26
Does your organization have Cyber Liability Insurance?
Yes
No or not sure
27
Are you using a Password Manager or SSO (Single Sign On)?
Yes, we use a Password Manager
Yes, we use Single Sign On
Yes to both
No or not sure
28
Do you have any specific security concerns? What drove you to schedule an appointment for a Cybersecurity Assessment?