Are you at risk?

Take our 3-minute quiz to find out.

1. Access and User Security

Is MFA required for all users? *

Employees should provide a second form of authentication, like a code sent to their phone, when accessing Cloud services such as Microsoft 365. Without MFA, accounts are at higher risk of being compromised.

Are employee accounts regularly reviewed to remove unnecessary privileges and leavers? *

Employees should only have the access they need, and accounts for those who have left the company must be removed. Keeping outdated or excessive permissions increases security risks.

Are there separate Administrator and Standard User accounts? *

Employees with administrative privileges should have a dedicated admin account instead of using their everyday login. Using a separate account for admin tasks reduces the risk of privilege misuse and credential theft.

Is there monitoring and alerting in place to detect potential threats? *

The organisation should have security measures in place to identify logins from unusual locations or anonymous VPNs and take action, such as alerting admins or disabling the account. Without this, attackers could access systems unnoticed and escalate an attack.

Are emails scanned for malicious links and attachments? *

Emails should be automatically scanned for malicious content like phishing links, malware, or spam, without relying purely on the email vendor's own security (such as 365 only). Without email security measures, employees are more vulnerable to cyber threats.

2. Device and Network Security

Are firewall rules reviewed and updated regularly? *

The business should ensure firewall security patches are applied promptly. Firewalls help block unauthorised access, and outdated ones can be exploited by attackers.

Is guest WiFi separate from corporate systems? *

Guests and visitors should be restricted to a different Wi-Fi network from company systems. If guests can connect to internal networks, they could accidentally or intentionally compromise security.

Are workstations and all third-party applications (such as Chrome and other installed software) patched and updated on a regular schedule? *

Regularly applying updates to both operating systems and third-party software is essential because unpatched systems are common targets for hackers.

Is there an up-to-date inventory of all IT assets? *

Organisations should keep track of all IT assets, including devices and software. Without an inventory, it's harder to manage updates, security patches, and risks.

Can you isolate devices to prevent the spread of ransomware? *

If ransomware is detected on one device, it should be quickly cut off from the network to prevent it from spreading. Without isolation measures, ransomware can rapidly infect multiple systems.

Is antivirus software standardised across all servers and workstations? *

The same antivirus software should be deployed consistently across the business. Using different antivirus solutions can create security gaps and make management more complex.

3. Data Protection

Are critical systems backed up to an offsite location regularly? *

All critical data, including Cloud services like SharePoint, should be backed up and stored securely to protect it from loss or ransomware attacks. Without backups, data loss could be irreversible.

Do you regularly test backup restoration? *

Backups should be tested regularly to confirm they can be restored when needed. A backup is useless if it fails when recovery is required.

Is there a documented disaster recovery plan? *

Organisations should have a disaster recovery plan that enables them to resume operations quickly after an incident. Without one, recovery could take weeks or months.

4. Governance and Awareness

Do employees receive regular cybersecurity awareness training? *

Employees should be regularly trained to recognise cyber threats like phishing, ransomware, and social engineering. Without training, employees are more likely to fall for scams.

Are phishing simulation exercises conducted regularly? *

Employees should be periodically tested with fake phishing emails or similar exercises to measure and improve their awareness. Regular testing helps reinforce security training.

Are regular cybersecurity risk assessments conducted? *

Organisations should regularly evaluate their security risks and implement measures to reduce them. Without assessments, vulnerabilities may go unnoticed.

Does your organisation have cyber insurance? *

Organisations should have cyber insurance and comply with its security conditions. Failing to meet these conditions could result in a rejected claim.

Is there a documented cybersecurity policy that employees must acknowledge? *

Employees should formally acknowledge and agree to follow security policies, including password management and personal device usage. Without clear policies, employees may unknowingly create security risks.

Is there a policy to prevent the use of unapproved devices and software? *

Personal or unmanaged devices should not be used to access company data. Allowing unapproved devices increases security risks, as these devices may lack necessary security controls.

5. Get Your Results

Enter your details to view your complete cyber risk assessment.

Your Cyber Risk Assessment Is Complete!

Next Steps

Our cybersecurity experts can help you address any vulnerabilities identified in your assessment and strengthen your security posture.

Request a Call

Your details will be sent to SCG and a member of our cybersecurity team will be in touch shortly to discuss your assessment results.
