Cybersecurity Assessment Pre-Survey

This quick self-assessment helps you and us understand your organization's level of cybersecurity readiness. The more accurate the information you supply, the more helpful the findings and recommendations will be for your organization. After you complete the survey, we will discuss it with you during our scheduled Cybersecurity Assessment.

Contact Information

1

Name

3

Organization

Survey

4

A single business leader has been specified and owns the responsibility and accountability for cybersecurity in your organization.

5

Your organization conducts regular cybersecurity checkups and receives recommendations on improving its cybersecurity posture.

6

There are written policies on how your employees are expected to use company technology devices and data.

7

There is a written plan of action should your company experience a breach or cybersecurity incident.

8

At least once per year, you hire a "good" hacker to break into your systems and report on potential weaknesses to address.

9

You receive ongoing alerts about new cybersecurity threats, topics, and trends that may impact your organization.

10

Your employees/volunteers are regularly tested to see if they might click on bad links or open unknown files in suspicious emails.

11

Your employees receive ongoing, regular awareness training on cybersecurity safety, topics, and best practices.

12

You regularly monitor employee credentials to find out if they have been stolen, sold, or published on the Dark Web.

13

Your public-facing websites are routinely monitored for adware, malware, blacklisting, and other vulnerabilities.

14

Your organization’s network and devices are routinely scanned to find potential weaknesses and vulnerabilities.

15

Your organization has enabled and enforces MFA on all systems that allow for it.

16

You have backups for all important systems (email, files, databases, website).

17

Have you recently performed a security review and data classification of your systems?

18

Are you currently utilizing advanced antivirus software?

19

Does your organization monitor or have a way of detecting, preventing or responding to an attack or system failure?

20

Does your organization perform risk assessments on its information and systems?

21

Does your organization have a process for disposing of private information within a reasonable amount of time after it is no longer needed for business purposes?

22

Does your organization's Incident Response Plan include protocols for notifying affected New York residents in the event of a breach?

23

Does your website mention your data privacy and collection policy? Do you use SSL or TLS certificates?

24

If your organization is subject to regulations like HIPAA or PCI, do you have a compliance officer?

25

Does your organization have a way to send sensitive data securely (encrypted)?

26

Does your organization have Cyber Liability Insurance?

27

Are you using a Password Manager or SSO (Single Sign-On)?

28

Do you have any specific security concerns? What drove you to schedule an appointment for a Cybersecurity Assessment?