Question Title * Which statement best represents your employees’ internet permissions? My team has unrestricted internet access. My team is only restricted from accessing inappropriate websites. My team is restricted from viewing inappropriate websites, social media sites, or other specific websites. I’m not sure what my team is restricted to on the internet. OK Question Title * Which statement best represents your organization’s software permissions? My employees have no restrictions on their software. My employees have some restrictions on their software. My employees only have access to the software modules that they need. I don’t know what users have what permissions. OK Question Title * Do you have a written policy that tells employees how to deal with a cyber threat? Yes, they were given instructions in a written guide and are periodically sent reminders of it. Yes, they were given instructions in a written guide on their first day of employment. No, we have verbalized instructions, but have not provided written documentation. I’m not sure if we have a written policy or not. OK Question Title * Which statement(s) best represent your organization’s cyber security awareness training? My staff is provided with a copy of our internet safety and cyber security policy. Everyone receives cyber security awareness training when they start, which includes topics such as safe internet browsing habits and email best practices. We have had company-sponsored cyber security training sessions, and/or received periodic cyber security tips from people in my organization within the past year. None of these apply. OK Question Title * When was the last time you tested your employees on cyber security? This could include a formal exam, or a KnowBe4 email test. If you’re unfamiliar with this, KnowBe4 sends out safe spam emails to your organization and allows specific people (a.k.a. IT personnel or business owners) to see who clicked. My employees have been tested within the past year. My employees have been tested within the past five years. My employees were tested a long time ago. I have never tested my employees with a cyber security exam or KnowBe4 email test. OK Question Title * Let's say someone on your staff clicked on a link in a phishing email. What's the first step they have been instructed to do: Contact the IT person or vendor immediately. Discuss a course of action with the nearest supervisor. Power off the affected computer and remove its connection to your organization’s network. They have not been given specific instructions for handling a phishing threat. OK Question Title * How often do you require your staff to reset their workstation passwords? Once, or more, a year. Once every five years. We do not force password resets. I can't remember. OK Question Title * Select the most secure password according to today’s password safety standards. HotDiggityD0g Hotdog1 ILOVEMYDASHUNDNAMEDHOTD0G! M4DogHotd0g! I don’t know. OK Question Title * How are your IT needs taken care of? Someone at my organization takes care of IT, but they aren’t necessarily an IT person. I have an internal IT professional on staff who handles our needs. I have an IT vendor who takes care of our needs. I have both an internal IT person and outside vendor that handles our needs. OK Question Title * When was the last time you, or your IT person, audited your security software to ensure that there are no pending updates or out-of-date users in the system? I'm not sure. Within the last six months. Within the last year. More than a year ago. OK NEXT
