A complete picture of your IT environment
Thirteen questions covering email, access controls, device management, backups, network security, vendor ownership, licenses, and policies. This is the most thorough starting point for understanding where your technology stands — and where the highest-priority gaps are.
0 of 13 questions answered
1. Do all employees use company-managed email accounts?
Personal email accounts used for business create data sovereignty and security gaps. Company-managed accounts give the business control over communications and data when someone leaves.
2. Is multi-factor authentication (MFA) required for email, file storage, and key business systems?
MFA is the highest-impact security control available. Requiring it across all major systems dramatically reduces the risk of account takeover — the most common entry point for business email compromise.
3. Do you have a documented onboarding and offboarding process for employees?
Undocumented processes create inconsistency. Onboarding affects how employees learn to work safely. Offboarding affects whether access is completely and consistently removed when someone leaves.
4. Do employees primarily use company-provided devices for work?
Personal devices used for business work are harder to secure, manage, and remotely wipe. Company-provided devices give the business control over its data environment.
5. If employees use company-provided devices, are those devices secured and managed centrally?
Unmanaged devices cannot be patched, monitored, or wiped consistently. Central device management turns a collection of endpoints into a managed asset the business actually controls.
6. Are devices encrypted and protected with security software?
Encryption protects data on lost or stolen devices. Security software catches threats that reach the endpoint. Both are baseline controls for any device used for business.
7. Are business-critical files and systems backed up automatically?
Manual backups get skipped. Automatic backups create a reliable, consistent recovery point regardless of whether anyone remembers to run them.
8. Have you tested a backup restore in the past 12 months?
An untested backup is not a backup. The restore process is what matters — not whether the scheduled job ran. Many businesses discover backup failures only when they need to recover.
9. Is guest Wi-Fi separated from your business network?
Combining guest and business networks gives anyone with the Wi-Fi password potential access to internal systems. Network segmentation is a basic control that eliminates this exposure.
10. Do you use business-grade firewall or network equipment?
Consumer-grade equipment is not designed for business security requirements. Business-grade equipment provides better controls, logging, and reliability for a multi-user environment.
11. Do you have a clear, documented owner for each vendor relationship, renewal, and admin account?
If ownership depends on asking a specific person or searching emails, it is not documented. Undocumented ownership creates gaps when people leave, vendors change, or renewals approach.
12. Do you regularly review software licenses and user accounts to remove unused or redundant access?
Unused accounts are a security risk — former employees, contractors, or trial accounts with valid credentials. Unused licenses are an unnecessary cost. Regular review addresses both.
13. Do you have written IT or cybersecurity policies?
Written policies create consistent expectations for employees and demonstrate due diligence to insurers, auditors, and enterprise clients. Verbal-only policies create inconsistency and liability.