CYBER SECURITY QUESTIONS

1. Does your company have a designated individual or team responsible for cybersecurity?

3. Do you have a documented cybersecurity policy that outlines acceptable use of company systems and data?

2. Are all employees provided with cybersecurity training and awareness programs?

6. Does your company use encryption to protect sensitive data both in transit and at rest?

7. Are strong, unique passwords enforced for all user accounts, and is multi-factor authentication implemented where possible?

9. Does your company perform regular vulnerability assessments and penetration testing on its networks and systems?

10. Are third-party vendors and contractors required to meet specific cybersecurity standards before accessing your company’s network or data?

11. Do you have a process for securely disposing of old or unused hardware and digital assets?

12. Are there controls in place to prevent unauthorized access to physical premises and sensitive areas within your organization?

16. Are remote access connections secured using VPNs or other encryption technologies?

17. Do you comply with relevant industry standards (e.g., NIST 800-53, NIST 800-171, CMMC, PCI, HIPAA)?

18. Are there controls in place to prevent and detect insider threats, such as data theft or sabotage by employees?