Small Business Security Assessment

Question 1

Is there a clear person who looks after protecting the business from online threats and account problems, even if it is only part of their job?

This does not need to be a full-time role. It just means someone is clearly responsible for keeping things moving.

No clear owner People assume someone else is handling it Someone usually takes the lead, but it is informal A clear owner exists and checks in from time to time A clear owner exists, with regular follow-through

Question 2

Do you feel you have enough time and know-how in-house to stay on top of this?

Think about whether this gets proper attention, or whether it keeps slipping behind other priorities.

No, we are stretched and unsure We mostly react when something worries us We manage some of it, but it is hard to stay on top of We mostly cope in-house Yes, we have the time and confidence to manage it well

Question 3

Are your important accounts protected by an extra sign-in step, not just a password?

Think about email, finance tools, cloud storage, and any system that would cause real pain if someone got into it.

Hardly ever Only on a few accounts On many important accounts, but not all On nearly all important accounts Yes, consistently on important accounts

Question 4

When someone leaves or changes role, is their access changed quickly and reliably?

This includes staff, contractors, shared tools, email, and anything else they could still get into.

No, this is ad hoc We usually catch the obvious ones, but not reliably We have a basic process, but it is easy to miss things We usually handle this properly Yes, this is handled consistently

Question 5

Are work laptops, phones, and tablets kept up to date and protected in a sensible way?

Think about updates, screen locks, anti-virus or similar protection, and whether old or unmanaged devices are common.

Not really Some are looked after, but it is patchy Most are covered, though there are gaps Yes, mostly Yes, consistently

Question 6

Do you know what software and online tools your staff use for work, and keep risky extras to a minimum?

This includes random downloads, unapproved apps, old software, and personal tools being used for business work.

No, people use whatever works We try, but it is not very controlled We have some preferred tools, but there are exceptions Yes, mostly Yes, we keep this well under control

Question 7

How confident are you that your important files and systems are backed up and could be restored?

Backups only help if you know what is covered and could get it back without too much confusion.

Not confident at all Some backups exist, but we are not sure they would help enough Important things are backed up, but we have not really proved recovery We are reasonably confident Very confident, and we have checked this properly

Question 8

If an online scam, account break-in, or tech problem seriously disrupted the business tomorrow, would you know what to do first?

You do not need a thick document. A short, usable plan is enough.

No, we would be working it out on the spot We have rough ideas, but nothing clear We have some notes or partial steps We have a simple plan for the basics We have a clear plan and key people know it

Question 9

How confident are your staff in spotting suspicious emails, messages, or requests?

Think about fake invoices, strange links, urgent payment requests, password requests, and anything that feels off.

Staff are not really prepared for this Awareness is low and informal Some staff are alert, but it is mixed Staff are generally aware and know the basics Staff are confident and this is reinforced regularly

Question 10

Is it easy for staff to say, "This looks wrong" and quickly get help?

This could be a known person, a shared mailbox, a simple process, or just a route everyone understands.

No clear route People would probably ask around There is a route, but not everyone knows it There is a clear route most people understand Reporting is clear, simple, and used confidently

Do you need help protecting your business?