Business Security Score 1Start2Physical Security3Policies4User Management5Computer Management6Mobile Devices7Web Account Management8Internet Connections9Email10Backup & Recovery11Contact Form12Show Your Score Measure your Business Security Score. There are no technical questions, all multiple choice. Don't know is a valid answer as well. Should take less than 3 minutes. No trick questions. You can Save your answers to resume later. Hit Save in the lower right before leaving the site. You will get a link emailed to you. Answer all, then hit "Show Your Score" to see the results. You can move back to the prior pages via the Back button or the page numbers at the top of the survey. If you don't like the grade you got, fill out the form at the end. We will contact you and we will teach you how to improve your Business Security Score. If you have questions along the way call 844-KLOUD9IT (5568394), Option 2. Physical SecurityIs your server room or LAN closet locked?* Yes No Don't know Is access to your server and network connections physically controlled?Are IDs checked when “technicians” or “repairmen” come into your office?* Yes No Don't know Do they have some proof as to ID.Are your security cameras protected on the internet?* Yes No Don't know Not Applicable Are security cameras exposed publicly on the internet? Are they protected with passwords? PoliciesHR and staff PoliciesDoes your firm have a written Cyber Security policy?* Yes No Don't know A written policy that is part of the staff manual.Does your company have a written breach response policy?* Yes No Don't know Does your company fall under SEC, PCI or HIPAA regulations?* Yes No Don't know Do you directly handle credit card transactions?* Yes No Don't know Does your network security policy operate under the “Least Rights, Least Access” model?* Yes No Don't know This security model means that users are NOT administrators on their own machines, they can't install programs and domain administrator rights are never part of an active users rights.Do you have a written BCDR (Business Continuity and Disaster Recovery) plan?* Yes No Don't know Does your business have a Cyber Insurance policy?* Yes No Don't know User ManagementDoes your firm delete and change accounts/passwords when an employee leaves?* Yes No Don't know Do you have a user Security Awareness training program?* Yes No Don't know Does your firm require two factor authentication on Windows login?* Yes No Don't know Do you scan the Dark Web for compromised credentials?* Yes No Don't know Are users provided with an encrypted password manager?* Yes No Don't know Are users required to encrypt all USB drives that contain data?* Yes No Don't know Computer ManagementWhat is the oldest Windows Desktop version in use?* Windows 10 Windows 8 Windows 7 Windows XP If you have a mixture, chose the oldest desktop version.What is the oldest Windows Server version in use?* Server 2019 Server 2016 Server 2012 Small Business Server 2011 or earlier Server 2008 Server 2003 No Servers in house or the cloud Peer Networking If you have a mixture, chose the oldest server version.Are your computers patched on a schedule?* Daily Weekly Microsoft does this for us Don't know Do you have a patch approval & management policy?* Yes No Our IT provider does it Don't know Do you have an advanced endpoint defense system?* Yes No Don't know Advanced Endpoint means a centrally managed and automatically updated system with remdiation and protection against Ransomeware. Plus data loss through removable media, and web filtering no matter how connected.Does remote access for your computers require two factor authentication?* Yes No Don't know Remote access via Logmein, GoToMyPC, Microsoft Remote DesktopDo you encrypt your computer's disk storage?* Yes No Don't know Laptops and desktops hard drives are encrypted, may not require a PIN when booting. Mobile DevicesPhones and Bring Your Own Device (BYOD)Are your mobile computers encrypted?* Yes No Don't know Laptop, notebooks, tablets.Are all of the mobile phones accessing company email encrypted?* Yes No Don't know Does company policy allow for the automatic removal of email from mobile devices?* Yes No Don't know Are mobile phones managed by a central system like an MDM (Mobile Device Management)?* Yes No Don't know Do you allow staff to bring their own computers to work?* Yes No Don't know Or require they provide their own computers Web Account ManagementDo you require staff to use unique passwords for each web site?* Yes No Don't know No reuse of passwords between web sites or accounts.Is your company website secured with SSL encryption?* Yes No Don't know No reuse of passwords between web sites or accounts.* Yes No Don't know Do you audit your staffs passwords for weak or repeat use?* Yes No Don't know Truly random characters, no dictionary words Internet ConnectionsQuestions about how your firm is connected to the internet.Do you have a monitored hardware firewall on your network perimeter?* Yes No Don't know Does it have a current security subscription for the firewall?* Yes No Don't know Subscriptions need to be current to provide protection.Does your firewall stop people from going to inappropriate sites, or watching cat videos?* Yes No Don't know Does your firewall block connections to and from outside the US?* Yes No Don't know Does your firewall block connections to and from anonymized networks (The Onion Router, known as TOR)?* Yes No Don't know Is your guest Wi-Fi isolated from the network that your office computers are on?* Yes No Don't know Is your business Wi-Fi restricted to known computers, and not just a password?* Yes No Don't know EmailQuestions about how your firm Email service and settingsDoes your firm require Two Factor Authentication to access your Office 365 email?* Yes No Don't know Do you have an active Spam and attachment filter on your email?* Microsoft or Google Does it Yes, before it gets to our mailboxes No Don't know Do you archive all email that goes in or out of your firm?* Microsoft or Google Does it Yes No Don't know Do you have an email continuity service that allows sending and receiving of email even if your mail host is down?* Yes No Didn't know it was possible Don't know Backup & RecoveryQuestions about how your firm backs up data, the time to restore, and time to recover.How often are your files backed up?* Every 15 minutes Hourly Twice a day Once a day Don't know Is your ability to restore files and servers tested daily?* Yes No Never tried Don't know If disaster struck, be it physical or ransomware, how long to get the server restored.Are your backups replicated offsite* Immediately Hourly Twice a day Once a day Don't know Offsite means to cloud or another physical location. Ideally NOT on your network.Are your Office 365 email and files backed up?* Microsoft backs this up for us Hourly Twice a day Once a day Don't know If your are using some other email provider, or your Exchange server is still in house, please answer.How long does it take to recover an entire server?* Less than 30 Minutes Hours All Day Never tried Don't know If disaster struck, be it physical or ransomware, how long to get the server restored.Can you recover in the Cloud or data center?* Yes No Never tried Don't know If disaster struck, be it physical or ransomware, how long to get the server restored. Name* First Name Last Name Company Email* Your grade and score are below, possible score is from 0 to 250HiddenCurrent GradeA+: In the best Business Security Score Group!HiddenCurrent GradeA: Better than your peers!HiddenCurrent GradeB+: Better than Average HiddenCurrent GradeB: In the Top 20 Percent, but can improve. HiddenCurrent GradeC+: Room for improvement. HiddenCurrent GradeC: Are your really a "C" kind of business? HiddenCurrent GradeD: You are in serious trouble. HiddenCurrent GradeF: You need immediate training, call us. Current ScoreYou can use the Back button to go back and see how each items was scored. It also allows you to change your answers to see how your score would change. Schedule for 12 Minute Discovery call. Schedule Now Δ Schedule for 12 Minute Discovery call. Schedule Now
