CYBER SECURITY QUESTIONS

Name
Phone Number
Email

1. Does your company have a designated individual or team responsible for cybersecurity? (Yes / No)

2. Are all employees provided with cybersecurity training and awareness programs? (Yes / No)

3. Do you have a documented cybersecurity policy that outlines acceptable use of company systems and data? (Yes / No)

4. How often are software and hardware systems updated with the latest security patches and updates?

5. Is there a process in place for regularly backing up critical data? If so, how frequently are backups performed?

6. Does your company use encryption to protect sensitive data both in transit and at rest? (Yes / No)

7. Are strong, unique passwords enforced for all user accounts, and is multi-factor authentication implemented where possible? (Yes / No)

8. How do you handle employee access to company systems and data, particularly for remote workers?

9. Does your company perform regular vulnerability assessments and penetration testing on its networks and systems? (Yes / No)

10. Are third-party vendors and contractors required to meet specific cybersecurity standards before accessing your company’s network or data? (Yes / No)

11. Do you have a process for securely disposing of old or unused hardware and digital assets? (Yes / No)

12. Are there controls in place to prevent unauthorized access to physical premises and sensitive areas within your organization? (Yes / No)

13. How do you manage and monitor network traffic to detect suspicious activity or potential security breaches?

14. Are employees encouraged to report security incidents or suspicious activities, and is there a clear protocol for doing so?

15. How do you ensure compliance with relevant cybersecurity regulations and standards applicable to your industry?

16. Are remote access connections secured using VPNs or other encryption technologies? (Yes / No)

17. Do you comply with relevant industry standards (e.g., NIST 800-53, NIST 800-171, CMMC, PCI, HIPAA)? (Yes / No)

18. Are there controls in place to prevent and detect insider threats, such as data theft or sabotage by employees? (Yes / No)

19. How often does your company conduct cybersecurity risk assessments to identify and prioritize potential threats and vulnerabilities?

20. Do you know about Zero Trust architectures and is your company adhering to that framework?