Cybersecurity doesn't have to be complicated, but it does have to be intentional.

This assessment will help you quickly identify your organization’s strengths and blind spots across three key areas: People, Processes, and Technology.

Each question is designed to spark awareness and guide you toward simple, actionable next steps.

Goal: By the end of the assessment, you’ll know where you’re strong, where you’re vulnerable, and how to build a more cyber-ready culture.

When you're ready, click the START button below.

Start

Section 1: People - Your First Line of Defense

Your employees are your greatest asset and your greatest risk.
The following questions measure how consistently your team follows everyday cybersecurity habits.

Question 2 of 28

Do all employees receive cybersecurity awareness training at least once per year?

A

Yes

B

No

C

Not sure

Question 3 of 28

Do new hires complete a security onboarding module within their first 30 days?

A

Yes

B

No

C

Not Sure

Question 4 of 28

Are phishing simulations or awareness campaigns conducted at least quarterly via emails or other channels?

A

Yes

B

No

C

Not sure

Question 5 of 28

How confident are you in your employees’ ability to identify and report suspicious emails or messages?

A

Very confident

B

Somewhat confident

C

Not confident at all

Question 6 of 28

How confident are you that your employees use strong, unique passwords and multi-factor authentication?

A

Very Confident

B

Somewhat confident

C

Not confident at all

Question 7 of 28

How often are cybersecurity topics discussed in regular team meetings and company communications?

(Select all that apply)

A

Weekly

B

Bi-Weekly

C

Monthly

D

Quarterly

E

Semi-Annually

F

Annually

G

Never

Question 8 of 28

How would you describe your company’s cybersecurity awareness culture (e.g., how leaders reinforce expectations and how often employees are reminded)?

Paragraph answer

SECTION 2: Process — Policies, Planning, and Preparedness

Strong processes keep your team aligned and your data protected. In this section, you'll identify the policies, plans, and preparedness activities you currently have in place.

Question 10 of 28

Which of the following policies, plans, and preparedness activities does your company currently have in place?

(Select all that apply)

A

Written cybersecurity policies that are easy for employees to understand and access.

B

Defined processes for handling sensitive customer or financial information

C

A step-by-step incident response plan

D

Access management procedure where permissions are reviewed regularly (especially when employees change roles or leave the company)

E

Disaster Recovery Plan that includes testing backups periodically to ensure they can be restored when needed.

F

Vendor/Third Party Compliance - Vendors and Third Party Partners are required to follow your security standards.

G

None of the above

Question 11 of 28

All company policies are reviewed during a new hire's onboarding.

A

True

B

False

C

Not sure

Question 12 of 28

All company policies are reviewed and updated at least annually to stay in alignment with industry and technology changes.

A

True

B

False

C

Not sure

Question 13 of 28

Policies only work if people can find and use them.

How do you verify policies are being followed (audits, spot checks, phishing metrics, training completion, access reviews)?

Paragraph answer

Question 14 of 28

Are there defined consequences for repeated policy violations, and are they applied consistently?

A

Yes, consequences are documented, communicated, and applied consistently across the organization.

B

Mostly. Consequences exist, but application is inconsistent or varies by manager/department.

C

Partially. Consequences are informal or handled case by case with no consistent standard.

D

No. There is no defined consequences for repeated policy violations.

SECTION 3: Technology — Tools and Protections

Technology supports your people and processes — but only when it’s managed proactively. Which of the following are true about how your technology is managed within your organization today?

Question 16 of 28

All software is updated automatically or on a regular schedule.

A

True

B

False

C

Not sure

Question 17 of 28

Are all company devices (including remote laptops) protected by centrally managed endpoint security (antivirus + additional protections)?

A

Yes

B

Partially

C

No / Not Sure

Question 18 of 28

Multi-factor authentication (MFA) is enabled for all business-critical systems (systems your company relies on to operate—e.g., email/Microsoft 365 or Google Workspace, accounting/payroll, banking, remote access/VPN, admin accounts, and core business apps/CRM/ERP).

A

True

B

False

C

Not sure

Question 19 of 28

Firewalls, routers, and Wi-Fi networks are secured with unique strong passwords.

A

True

B

False

C

Not sure

Question 20 of 28

Sensitive files are stored and shared using secure, access-controlled tools (e.g., Microsoft 365 SharePoint/OneDrive/Teams or Google Drive) with restricted permissions and encrypted sharing—not shared via public links or unencrypted email attachments.

A

True

B

False

C

Not sure

Question 21 of 28

We back up important business data at least weekly to a secure location (cloud or offsite) so it can be restored if files are deleted, corrupted, or hit by ransomware.

A

True

B

False

C

Not sure

Section 4: Tell us just a little bit more

Tell us a little more about your cybersecurity reality.
We’ve covered the basics. Now we’d love to understand a bit more about your current environment and priorities.

Question 23 of 28

List any tools, vendors, or platforms your company currently uses.

Paragraph answer

Question 24 of 28

What processes have you implemented or what steps have you taken to increase cybersecurity risk awareness within your organization?

Paragraph answer

Question 25 of 28

What are your top cybersecurity concerns? What keeps you up at night when it comes to cyber risk or potential downtime?

Paragraph answer

Question 26 of 28

What are your top self-identified risks currently? Any specific gaps, incidents, or “near misses” you’re aware of?

Paragraph answer

Question 27 of 28

What else would you like to share with us that might enable us to better assess your cybersecurity risk?

Paragraph answer

Free Assessment Contact Disclosure

By submitting this assessment, you authorize CyberWise Training Solutions to contact you by email and/or text message at the contact information you provide regarding your assessment request, scheduling, and related follow-up (non-marketing). Message frequency varies. Message and data rates may apply. Reply STOP to opt out of assessment/scheduling texts.

Confirm and Submit

Name

Email

Subscribe to our email list

Cybersecurity doesn't have to be complicated, but it does have to be intentional.

When you're ready, click the START button below.

Section 1: People - Your First Line of Defense

Do all employees receive cybersecurity awareness training at least once per year?

Do new hires complete a security onboarding module within their first 30 days?

Are phishing simulations or awareness campaigns conducted at least quarterly via emails or other channels?

How confident are you in your employees’ ability to identify and report suspicious emails or messages?

How confident are you that your employees use strong, unique passwords and multi-factor authentication?

How often are cybersecurity topics discussed in regular team meetings and company communications?

How would you describe your company’s cybersecurity awareness culture (e.g., how leaders reinforce expectations and how often employees are reminded)?

SECTION 2: Process — Policies, Planning, and Preparedness

Which of the following policies, plans, and preparedness activities does your company currently have in place?

All company policies are reviewed during a new hire's onboarding.

All company policies are reviewed and updated at least annually to stay in alignment with industry and technology changes.

Policies only work if people can find and use them. How do you verify policies are being followed (audits, spot checks, phishing metrics, training completion, access reviews)?

Are there defined consequences for repeated policy violations, and are they applied consistently?

SECTION 3: Technology — Tools and Protections

All software is updated automatically or on a regular schedule.

Are all company devices (including remote laptops) protected by centrally managed endpoint security (antivirus + additional protections)?

Multi-factor authentication (MFA) is enabled for all business-critical systems (systems your company relies on to operate—e.g., email/Microsoft 365 or Google Workspace, accounting/payroll, banking, remote access/VPN, admin accounts, and core business apps/CRM/ERP).

Firewalls, routers, and Wi-Fi networks are secured with unique strong passwords.

Sensitive files are stored and shared using secure, access-controlled tools (e.g., Microsoft 365 SharePoint/OneDrive/Teams or Google Drive) with restricted permissions and encrypted sharing—not shared via public links or unencrypted email attachments.

We back up important business data at least weekly to a secure location (cloud or offsite) so it can be restored if files are deleted, corrupted, or hit by ransomware.

Section 4: Tell us just a little bit more

List any tools, vendors, or platforms your company currently uses.

What processes have you implemented or what steps have you taken to increase cybersecurity risk awareness within your organization?

What are your top cybersecurity concerns? What keeps you up at night when it comes to cyber risk or potential downtime?

What are your top self-identified risks currently? Any specific gaps, incidents, or “near misses” you’re aware of?

What else would you like to share with us that might enable us to better assess your cybersecurity risk?

Free Assessment Contact Disclosure

Confirm and Submit

Policies only work if people can find and use them.

How do you verify policies are being followed (audits, spot checks, phishing metrics, training completion, access reviews)?