Does your organisation have a wireless network, do employees or customers access your internal systems from remote locations?

Does anyone in your organisation take company-owned mobile devices (e.g. laptops, smart-phones and USB drives) with them, either home or when travelling?

Is network security training for employees optional at your organisation

Can employees use their computers or company issued devices indefinitely without updating passwords?

Has your IT department ever failed to install antivirus software or perform regular vulnerability checks?

Do you trade with customers electronically?

Is the delivery of goods/service to your customers dependent on digital systems?

Do you operate a website that provides you with an income?

Is your payroll dependent on digital systems?

Do you keep customers or employees information electronically?

Are customers credit card or bank details kept on your systems?

Are these details encrypted?

Do you back your data up regularly?

Does your organisation store sensitive information (e.g. financial reports, trade secrets, and intellectual property and product designs) that could potentially compromise your organisation if stolen?

Does your organisation digitally store sensitive employees’ or customers’ sensitive information? This can include government-issued ID numbers and financial information.

Do you update security software as soon as advised?

Are there automated checks and audit trails built into financial systems?

Are monthly checks made on funds leaving the business account?

Does anyone in your organisation use computers to access bank accounts or initiate money transfers?

Would you know what to do if your social media accounts were hacked?

Do you have an incident response plan for cyber-attacks?