| Exposure | Yes | No | Unsure |
|---|---|---|---|
| Do you and your employees or customers access your internal system from remote locations and/or work off a wireless network? | |||
| Do members of your business take company owned devices (such as laptops, mobile phones, tablets and USB drives) out of the office? | |||
| Does your organisation use the cloud to store information? | |||
| Are your critical operation systems connected to a public network? | |||
| Do you, or any other member of staff, use computers or mobile devices to access bank accounts or transfer money? | |||
| Do you store sensitive data on your system such as intellectual property or financial reports that could damage your company if it was stolen? | |||
| Do you store sensitive customer or employee information on your system? (Financial information and government-issued ID numbers etc) | |||
| Do your employees ever neglect policies around the appropriate use of the internet, emails or their work computer? | |||
| Can your building be accessed without the use of an ID card? | |||
| Do employees have the option to opt out of network security training at your organisation? | |||
| Do employees have the option to use their company-issued devices or computers without creating their own secure password? | |||
| Has your IT department ever failed to install software updates or patches? | |||
| Would your organisation lose critical information in the event of a system failure or other network issue? | |||
| Could your business be sustained beyond 10 days without access to business-critical information? | |||
| Has your business or organisation neglected to review its cyber security procedure in the last year? | |||
