Cyber-readiness check
Answer 10 quick questions to see where your business stands — and the highest-impact things to fix first.
Is multi-factor authentication (MFA) enforced for all users — especially admins?
Do all endpoints run EDR (e.g. Microsoft Defender for Endpoint), actively monitored?
Are backups automated, offsite/immutable, and is a restore tested at least quarterly?
Are OS and third-party apps patched within days of a critical update?
Is email protected with SPF, DKIM and a DMARC reject policy?
Are admin rights limited (least privilege) with separate admin accounts?
Do staff get regular security-awareness training and phishing simulations?
Are security logs centrally collected and alerts actually triaged by someone?
Is there a written incident-response plan with known contacts and steps?
Are leavers' accounts and access removed promptly (same day)?
Indicative self-assessment, evaluated entirely in your browser.