MLMINS.com
CYBER-RISK ASSESSMENT
Directions: Place a checkmark in the box if your answer is "Yes" to any of the corresponding statements. After you have completed the form, you will be forwarded to your personalized cyber-risk assessment results.
Name *

Company *

Email *

Confirm Email *

1. IT MANAGEMENT: HOW INFORMATION IS GENERALLY STORED

1.1 My firm has a network map identifying all employees and devices that have access to firm data.

1.2 My firm has an electronic use policy regarding the proper use of firm technology.

1.3 My firm has a physical security checklist and regularly conducts physical security audits.

1.4 My firm encrypts all client data stored on the server.

1.5 My firm uses up-to-date anti-virus software on all computer devices.

1.6 My firm uses a firewall that limits and controls what can enter the data network.

2. NETWORK VULNERABILITIES

2.1 Firm employees do not have access to the firm network from off-site computers.

2.2 Firm employees do not have the ability to install software on their computers.

2.3 Firm employees do not have the ability to download data on a flash drive.

3. DATA BACKUP

3.1 My firm has regular data backups.

3.2 My firm’s backup schedule includes daily backups of some firm information.

3.3 My firm has a designated employee to manage routine data backups.

3.4 I am aware of where I need to save firm data so that it will be backed up.

3.5 After my firm’s data is backed up, the data is stored offsite.

3.6 After my firm’s data is backed up, the data is encrypted.

4. PASSWORDS

4.1 Passwords are required for all firm computers and mobile devices.

4.2 Passwords are required to access all software applications containing client information.

4.3 Device passwords are changed every 45-60 days.

4.4 Passwords at my firm must be at least 8 characters, use a combination of character types, and cannot be a common word or phrase.

5. SMARTPHONES AND MOBILE DEVICES

5.1 Firm employees never use personal mobile devices to check work-related email.

5.2 Firm employees do not have access to client information using a personal mobile device.

5.3 My firm has a BYOD (Bring Your Own Device) policy for all employees using personal mobile devices.

5.4 All mobile devices are required to have a PIN, a pattern, or a password to start the device.

5.5 All firm employees have “Find My iPhone” or “Find My Android” installed on their phones.

5.6 All firm employees have the ability to do a remote wipe on their smartphone.

5.7 The firm only uses encrypted flash drives.

5.8 The firm has a strict policy against using public Wi-Fi.

6. WORKING WITH CLOUD-BASED VENDORS

6.1 Employees working for my cloud-based vendor cannot access my firm data.

6.2 My cloud-based vendor encrypts all my stored data.

6.3 I can access my cloud-based data in the event I terminate my vendor contract.

6.4 I can access my cloud-based data in the event my vendor goes out of business.

6.5 My cloud-based vendor will return or destroy all my data on my demand.

6.6 I am aware of my cloud-based vendor’s data backup policy.

6.7 My cloud-based vendor has a policy to notify me in the event of a data breach.

7. WORKING WITH CLIENTS

7.1 My firm encrypts emails relating to client matters.

7.2 My firm informs clients that their file is saved and stored digitally.

7.3 My firm informs clients that their data may be stored on an encrypted, offsite server.