Do you have an overarching cybersecurity or IT security policy that is documented and communicated within your organisation? Does the policy translate into day-to-day procedures which staff can follow?

Do you allow employees to use their own devices and home computers to access your corporate network? Have you considered implementing ‘two-factor’ authentication?

Are your staff regularly informed and educated on cybersecurity including the dangers of poor passwords, phishing, and USBs?

If your third parties suffer a cybersecurity incident or data breach, how does this impact your business?

Do you know who has access to your IT environment, including outsourced contractors and third parties? What password requirements do you enforce for your IT and business systems?

Do you know what your critical business process are and where sensitive data is stored? Do you know about the importance of backups e.g. in context of ‘Ransomware’?

Is there a defined process for responding to security incidents and data breaches? Do you have a relationship with a specialised security provider to assist?

How do you routinely monitor and detect for potential cybersecurity vulnerabilities, events and incidents?

Have you established a routine patching process which covers all of your IT applications and systems, including desktops, laptops, servers and critical applications?

Are you aware of the risks of using untrusted and unsecured USBs? Do you have a ‘removable media’ policy which prescribes the usage to staff?