How safe is your organisation from a cyber-attack?Complete our quiz to generate your current cyber-security score!PasswordsWhat is your company’s current password policy?*We have a spreadsheet that contains all the usernames and passwords for every single user on the networkAll employees must change their password yearly – we have no control over the length or complexityEmployees are required to change their password every 90 days, and must have a password that is at least 12 characters long, including symbols, numbers, and upper and lowercase lettersTrainingDoes your company provide your staff with any form of cyber security training?*We pay our IT Company to care about security – Why should my staff care?If we are sent a spam email or dodgy attachment – we will inform staff to ignore itWe regularly train staff members so that they are up to date with new attacks and able to spot them without being toldWireless Network AccessWhat is your company policy for wireless network access?*We have one wireless network accessed by all users, both staff and guest users can access the network through itWe have separate staff and guest Wi-Fi networks, only staff can get access to our business data network, the password never changesWe have separate staff and guest Wi-Fi networks, staff devices are given access automatically through policies. There is a separate guest network Wi-Fi password is changed on a frequentlyUpdatesHow are updates to company software currently managed?*We have an IT manager who looks at updates manually when he canWe have no IT manager but software is set to update automaticallyOur IT provider constantly monitors our systems and updates software where necessaryStartes & LeaversDoes your company have an existing process for new starters and leavers, which includes your IT company and network access control?*We view these processes as a purely HR function and do not involve IT, teams have access to shared accounts which are made available to them depending which team they are joiningWe ask IT to setup new user accounts when we have a new staff member join our businessWe have an approval process for user account creation, with care taken to ensure the user is granted access to the correct information, and IT are told in advance of any staff leaving the business – these changes can only be made by approved usersBudgetDo you have a dedicated budget for cybersecurity?*We use the router we were given and we run free anti-virus softwareWe pay for anti-virus software, but there is no montoring solution in placeWe have a specific IT budget with areas dedicated to cybersecurity, we have systems in place to monitor network traffic and Anti-Virus software and any alertsRansomwareYou believe your network or PC is being infected with ransomware & your files are starting to be encrypted, what is the current process for handling this?*Follow our data breach policy, which starts with the immediate action of unplugging the infected device from the network as quickly as possible and restoring the data from up to date backupsI have no backup so would likely just pay the ransom feeWe have AV – we wouldn’t get hit my ransomwareBackupsWhat is your organisations back-up policy and where are your backups held?*On the device the original file was created on.We save created files to our own workstation and back it up on the company intranet or SharepointWe backup data daily to an offsite server or deviceEmployee devicesCan your employees connect their own devices to your company’s network?*They are free to connect their device at any time.Some colleagues may need to connect their personal phone or storage device to their work computer to do their job fully – your IT department should know of this and set up the access, as well as ensure the device is secure and meets company policiesNever3rd Party USB SticksYou have been sent a large amount of free USB sticks for staff use. What do you do?*Well we have needed USB sticks for a long time, so give them out of course?We love free stuff! But we would pass them to our IT department first to check them outWe have no IT department but never plug devices whose source we don’t know onto our company’s networkSensitive Data & PIIHow is sensitive data and PII handled within your company?*Wherever the data is received, whether its by email or physical mediaIn a secure location with frequently updated access controls. Only employees who need access to the data have access to the dataOn a shared network drive or sharepoint siteOffice SecurityHow do you physically secure your offices?*We have a list of keyholders, once the building is unlocked, employees come and go as they pleaseEach employee has a key fob or passcode to enter the building. This is the only way inEmployees have an access code to a digital lock – this is rarely changedYour DetailsPlease enter your details below so we can send you your results.First NameLast NameEmail Address EmailThis field is for validation purposes and should be left unchanged.