Your Cybersecurity Score

Your overall score

Your score compared to other companies

Your Score
Average Score
Best Score
I want to improve my score

Please answer all the question below to see your CyberSecurity Score

Do you have MFA (Multi-Factor Authentication) enabled for your employees?

If your vendor has a data security breach, do you have the ability to determine if your data is being sold online?

How long would it take for you to find out about a hack or security breach?

Do you administer active phishing awareness campaigns for users in your network?

How do you store or secure information such as usernames and passwords?

Where do your employees work?

Do you have Mobile Device Management Policies or Mobile Application Management Policies in place to help protect data on mobile devices?

Do you conduct regular (every 2-3 days) data backups?

Do you regularly (every 2-3 days) backup your data offsite?

Do you have alerting system in place if one of the users in the company gets Ransomware and it starts encrypting files?

Do you store backups in encrypted format?

Do your company computers allow the use of flash drives or plug-in storage devices to copy or transfer data?

Can employees copy company data to their personal accounts? (OneDrive, Google Drive, Dropbox, etc.)

Do you have the ability to delete data from an employee’s laptop or mobile device if it is lost or stolen?

Do you have ability to block advertisements (Ads) on user devices?

Do you regularly update Windows and keep a log of when it was last updated?

Do you regularly update your antivirus software and keep a log of when it was last updated?

Is your data encrypted on all company devices?

Do you use RMM(Remote Monitoring and Management) software to perform security monitoring and management on company computers?

What types of devices are used at your company?

Do your employees use personally owned devices to conduct company business?

Do you have a physical firewall device in your network?

Does your firewall have an active threat protection subscription?

Do you have the ability to block specific sites or site groups from your employees?

Does someone at your company actively monitor or analyze firewall logs for suspicious activity?

In the event of an internet outage or network equipment failure, do you have any redundancies to allow users to continue working?

Do you have a VPN (Virtual Private Network) for top-level executives to use while they are traveling?

Do you have separate Wi-Fi networks for guests and company employees?

Who is your company’s email provider?

Does your company utilize software to block phishing links, dangerous email attachments, and filter spam messages?

Do you have DKIM (Domain Keys Identified Mail) and SPF (Sender Policy Framework) records in place to prevent spoofing?

Do you have Conditional Access Policies enabled?

Do your employees share sensitive data such as credit card numbers, social security numbers, bank account details, or medical information over email?

Do your employees have the ability to send encrypted emails?

Do your employees have the ability to forward emails from their work email account to their personal email account?

Do your employees take annual cybersecurity awareness training?

Do you run test phishing campaigns to identify which employees need additional training?

If you share data with a vendor, do you have the ability to revoke data access when you are no longer working with that vendor?

Do your employees have the ability to install software without admin approval?

5 ). Do your employees have access to all company data or just the data that pertains to their role? (Example: Does the shipping department have access to financial data, etc.?)

Do your employees know where to report suspicious activity that they notice on their computers?

When an employee leaves the company, do you have the ability to remove or turn off his/her access to company data and systems?


Always consult an expert.

Cybersecurity can be complex depending on your company’s specific digital communication needs and industry. This checklist is composed of general questions related to measures an organization should have in place to ensure minimum standard security best practices, and does not qualify as legal advice, provide a certificate, measure of reliance or approval in manner. Successfully passing this assessment does not guarantee that you or your organization are 100% secure. You should always consult a cybersecurity expert such as Third Coast IT to make sure you have the correct measures in place. Contact us at 414-622-1000 or