- 🖥️ 1. Devices & Workstations
- ☐ All computers are under 5 years old
- ☐ Operating systems are fully updated
- ☐ Antivirus/endpoint protection is active
- ☐ No shared user accounts
- ☐ Admin access is restricted
- 🚩 Red Flag: Slow PCs, outdated OS, everyone has admin rights
- 🌐 2. Network & Internet Security
- ☐ Business-grade firewall installed
- ☐ Firewall firmware updated
- ☐ Wi-Fi is encrypted (no open networks)
- ☐ Guest Wi-Fi is separated
- ☐ Router password has been changed
- 🚩 Red Flag: ISP-provided router with default settings
- 🔐 3. Cybersecurity Basics
- ☐ Multi-factor authentication enabled
- ☐ Strong password policy in place
- ☐ Phishing protection active
- ☐ Staff trained on cyber risks
- ☐ No reused passwords
- 🚩 Red Flag: Passwords written down or reused
- 💾 4. Backup & Disaster Recovery
- ☐ Automatic daily backups running
- ☐ Offsite or cloud backups configured
- ☐ Backups tested regularly
- ☐ Critical data identified
- ☐ Recovery plan documented
- 🚩 Red Flag: Backups not tested or only stored onsite
- 📧 5. Email & Cloud Security
- ☐ Business email (not free Gmail/Yahoo)
- ☐ Spam & phishing filters enabled
- ☐ Email forwarding rules reviewed
- ☐ Cloud access monitored
- ☐ Former employees removed
- 🚩 Red Flag: Ex-employees still have access
- 📊 6. Monitoring & Support
- ☐ Systems monitored 24/7
- ☐ Alerts set for failures
- ☐ Patch management automated
- ☐ IT issues logged & tracked
- ☐ Response time defined
- 🚩 Red Flag: IT is “reactive only”
- 🧠 7. Compliance & Policies
- ☐ Acceptable use policy exists
- ☐ Data protection policy defined
- ☐ Access permissions reviewed
- ☐ Password policy documented
- ☐ Cyber insurance requirements met
- 🚩 Red Flag: No written IT policies
- ✅ Health Score (Quick Qualification)
- 0–5 checked: 🚨 High Risk
- 6–10 checked: ⚠️ Medium Risk
- 11+ checked: ✅ Stable (but can improve)