Cyber Business Risk Assessor

Understanding and mitigating business risks is paramount, especially when it comes to cyber security. 

Take this FREE Cyber Business Risk Assessor, designed to give non-technical managers a clear, actionable risk assessment – without the technical jargon. 

20 Questions to Benchmark your security

Take this CIC Cyber Risk Self Assessment

1. Awareness and Training – so your staff understands the risks

  • Is your staff trained for cybersecurity awareness at least once a year?
  • Do you regularly update training and awareness to address new threats?

 

2. Data Security – so your soft assets are secure

  • Is your sensitive data encrypted? (e.g., financial records, personal information of customers and employees, regulatory records) 
  • Is access to sensitive data and key passwords on a need-to-know basis?

 

3. Incident Response – so you’re ready for a major situation 

  • Do you test your incident response plan at least annually?
  • Are you confident in your ability to respond to a cybersecurity incident?

 

4. Security Technology – so your toolkit is adequate and effective

  • Does your organization use antivirus and anti-malware solutions on all endpoints, and change the products’ default settings?
  • Are firewalls and intrusion detection in place, regularly tested and updated?

 

5. Vendor Management – so 3rd parties don’t undermine your security

  • Are you confident in the security of your vendors and service providers?
  • Are their cybersecurity practices reviewed at least annually?

 

6. Compliance and Policy – to help you get a clean audit

  • Are your cybersecurity policies adequate, reviewed and updated annually?
  • Do you comply with all applicable cybersecurity regulations and standards?

 

7. Physical Security – so access to your workplace isn’t too casual

  • Are there physical security controls (e.g., access control, surveillance) to protect offices, shops, and other critical infrastructure?
  • Are your documents, assets and devices adequately secure in all locations?

 

8. Cyber Risk Insurance – so you can collect on your policy

  • Do you maintain cyber insurance – and comply with all its provisions?
  • Do you review and update your cyber coverage when your risks change?

 

9. Remote Work – so your staff’s connections are more secure

  • Have you implemented specific security protocols and tools for remote and hybrid work environments?
  • Do your employees use VPNs or other secure methods to access company networks remotely?

 

10. ID Management – so your access controls are effective

  • Do you have multi-factor authentication (MFA) for accessing critical systems and data?
  • Do you regularly review and update access privileges as employee roles change or when they leave the company?

 

SCORING: Each “Yes” response indicates a reduced risk profile. Any “No” answer requires prioritized remediation.

A total score so far of less than 20 indicates that weaknesses are making you more vulnerable to attack than you need to be.

 

Before continuing to the remaining questions…

 

 

Ready to Secure Your Organization’s Future?

A strong security posture doesn’t just protect data—it safeguards your business

This Cyber Risk Assessment highlights crucial areas where your organization may be vulnerable to threats. Whether you need to enhance employee training, lock down sensitive data, or ensure robust incident response, every aspect of cybersecurity demands vigilant precision. CIC’s experts are here to help you avoid cyber disaster.

 


Subscribe now to CIC’s Services for access to:
  • Timely Threat Newsflashes that keep you ahead of emerging cybersecurity threats with up-to-the-minute newsflashes tailored to your industry and business needs.
  • Exclusive One-on-One Cyber Business Risk Assessors powered by cutting-edge Large Language Model (LLM) capabilities. CIC’s personalized assessments delve deep into your organization’s unique vulnerability profile to tailor advice and actionable strategies – making you smarter and better able to manage security.
  • Comprehensive Suite of Cybersecurity Solutions: From regulatory compliance to advanced threat detection and even simple fixes, our extensive range of services is designed to fortify every aspect of your cybersecurity framework.

 

Lower your risk, enhance your security, and lead your industry with confidence. Join the leaders who choose CIC Services to transform their cybersecurity challenges into opportunities for growth and resilience.


Take a closer look at your security here

11. Mobile and Device Security – so you’re safe anywhere you connect

  • Are there policies and tools in place to secure mobile devices used for business purposes?
  • Does your organization enforce the use of secure, encrypted connections for all mobile communications?

 

12. Backup and Recovery – so you have and can use adequate backups

  • Are regular backups of critical data captured and tested for integrity?
  • Is there a disaster recovery plan that includes procedures for data recovery and prioritized business continuity?

 

13. Network Security – to help you divide and conquer the data devils

  • Are your network and data partitioned to protect sensitive data?
  • Do you require regular security assessments of your network (e.g., penetration testing, vulnerability scanning)?

 

14. Email and Communication Security – so your messages are safe

  • Are email security tools (e.g., spam filters, phishing detection) in place and regularly updated?
  • Do you have policies and procedures to handle suspicious emails and communications, and are employees trained to recognize these threats?

 

15. Cloud Security – so your exposure to the cloud isn’t up in the air

  • Do you regularly audit your cloud services and infrastructure for security compliance, configuration issues and commonly known vulnerabilities?
  • Do you ensure that cloud providers meet specific security standards relevant to your industry?

 

16. Security Policies and Procedures – so your governance scope is clear 

  • Is there a clear policy for managing and reporting security breaches?
  • Do you regularly communicate your security policies clearly to all levels of the organization?

 

17. External Security Audits and Certifications – for objective benchmarks

  • Does your organization undergo external cybersecurity audits?
  • Are your staff’s cybersecurity certifications maintained and current? (e.g., ISO 27001, SOC 2)

 

18. Customer Data Protection – so your reputation is trustworthy

  • Are there mechanisms in place to ensure customer data privacy and compliance with data protection laws (e.g., GDPR, CCPA)?
  • Do you conduct regular privacy impact assessments for new and existing products?

 

19. Product Management – from pre-implementation through migration

  • Is security integrated into the development lifecycle of your products?
  • Are there adequate security reviews and timely fixes for your software products?

 

20. Board-Level Cybersecurity Oversight – to help you control the narrative

  • Does the board actively oversee cyber risk management?
  • Does the board receive regular updates on cybersecurity risks and issues?

 

How Is My Organization Doing?

 

Based on the self-assessment’s results, you can quickly identify areas needing attention and discuss specific security improvements with your IT team or a cybersecurity expert.

Take the next step – we’ll talk you through your assessment


Upgrade to a CIC subscription to access our comprehensive Cyber Business Risk Assessor to give yourself a better read of your strengths and vulnerabilities. 

Contact Us Now For Direct Assistance

If you need additional assistance, please contact us or consider upgrading to access additional cyber assistants and features.

© 2024 All Rights Reserved.
