NOTE: This Cybersecurity Self Assessment was created and provided by Core Business Solutions (https://www.thecoresolution.com/)

Essential Best Practices for Protecting Small Business

All small businesses face the risk of a cyber-attack that can disrupt or devastate their organizations. However, not
many small businesses have a clear understanding of what is needed for cybersecurity protection from today’s
threats and where they stand in being prepared.


Cybersecurity is not just a technical problem that can be handed to your IT resources to be dealt with. It requires
an all-in approach involving top management, IT staff, cybersecurity experts and every employee. It is important
to understand everyone’s responsibilities, resources needed, and technologies involved to establish a solid
approach to protecting your business from cyber-attacks.

Instructions

This self-assessment tool is intended to help senior leaders to get a handle on how their organization stacks up
against today’s small business best practices.


It is organized into three focus areas: 1. Cybersecurity Management, 2. Cybersecurity Expertise, 3.
Cybersecurity Technologies. Questions with a “No” or “Don’t Know” response represent a weakness in your
cyber defenses and a potential threat to your business. It is advised that top management oversees the closure
of these gaps as soon as practical to secure your business. 

 
Part 1: Cybersecurity Management
Use the questions below to determine the responsibilities of senior management
YES NO Don't Know
Do you regularly communicate the importance of cybersecurity to all employees?      
Do you have regular training for all employees on cybersecurity? Does it include phishing tests?
Do you have documented policies and procedures for cybersecurity?      
Do you have a dedicated budget for cybersecurity?      
Do you maintain an ongoing list of improvements for cybersecurity?      
Do you have an independent 3rd party regularly conduct a gap assessment of your cybersecurity?      
Do you have cybersecurity metrics that are reviewed at the executive level?      
Do you have a cybersecurity plan in place for remote workers?      
Do you have a cybersecurity insurance policy or breach insurance policy?      
Are you confident your business could resist/survive a cyberattack within the next 12 months?      

 

Part 2: Cybersecurity Expertise
Use the questions below to evaluate your personnel resources focused on cybersecurity
YES NO Don't Know
Do you have a cybersecurity expert (3rd party or in-house) separate from your IT team/resource?      
Does your cybersecurity expert monitor, report and take action on potential incidents or suspicious activity?      
Do you have someone who regularly evaluates and reports on new, external cybersecurity threats to your business?      
Does your cybersecurity expert(s) have a CISSP, CompTIA Security+, or other advanced cybersecurity certification?
If using a 3rd party managed service provider (MSP), have you reviewed the Service Level Agreement (SLA) to ensure all services are being provided?

 

Part 3: Cybersecurity Technologies
Use the questions below to review your cybersecurity technologies. You may wish to review this list with your IT resources
YES NO Don't Know
Do you have a business class firewall that is monitored and updated regularly?      
Do you have a daily, encrypted, off-site back-up of your critical data and is restoration regularly tested?      
Do you have multifactor authentication (MFA) activated for all applications where it is available?      
Do you have a password management application in use, such as LastPass or 1Password?
Do you conduct regularly scheduled internal and external vulnerability scans?      
Do you have a patch management solution (RMM) in place?      
Do you have antivirus and endpoint detection and response (EDR) applications for all devices and are they updated regularly?      
Are device and system logs turned on and monitored 24x7 with a security information and event management (SIEM) system or equivalent?      
Do you have a web filtering application in place?      
Do you have a mobile device management (MDM) application for all mobile devices?      

 

Your Results

23-25 marked with “Yes”: You’re on the right path.


18-22 marked with “Yes”: You have several critical vulnerabilities that should be addressed ASAP.


Less than 18 marked with “Yes”: Your cybersecurity efforts are not effective, and your business is highly vulnerable
to a cyber-attack. 

Questions?

This Cybersecurity Self Assessment was created and provided by Core Business Solutions (https://www.thecoresolution.com/). Contact Core Business Solutions with questions, or contact MMEC (jenniwest@montana.edu) for additional cybersecurity information and support.