22 Questions That Can Help Protect Your Business

This quiz is intended as an educational and diagnostic tool to help you start thinking about security as it pertains to your small business. The correct answers and the number of points awarded are noted in parentheses after each choice.
1. What is a firewall?
   - A method of protecting a computer network against unauthorized access from the Internet (1 point)
   - A solid brick enclosure around a server room
2. Why do software developers issue updates for their software?
   - Because they really enjoy staying in touch with their customers
   - Because thousands of attackers are constantly trying to find previously unknown vulnerabilities and the software companies want to protect users against these threats (1 point)

3. Which of the following are attacks a criminal hacker might use?
   - Spoofing
   - Tampering
   - Repudiation
   - Information disclosure
   - Denial of Service (DoS)
   - Elevation of privilege
   - All of the above (1 point)

4. Have you or your business suffered any of the following? (1 point each, because now you're a veteran)
   - Computer theft
   - Unauthorized disclosure of information by staff or outsiders
   - Loss of critical data that wasn't backed up
   - Virus infection
   - Any kind of hacking or electronic intrusion

1. Does someone on your staff oversee security issues?

2. When did you last review and update your security policy?
   - Within the last three months (2 points)
   - Within the past year (1 point)
   - What's a security policy?

3. Is there a manager responsible for ensuring ongoing compliance with a security policy?

4. Do you carry out regular audits of computer and software inventory?

5. Does your company have up-to-date policies covering the following? (1 point each)
   - Strong passwords
   - Email and Internet use
   - Software piracy
   - Online purchasing
   - Theft

6. Do you teach employees how to spot and address email hoaxes?

1. What physical security measures do you take to protect your desktop PCs? (1 point each)
   - General physical security, including good locks, alarms, and physical barriers
   - Visitor access control
   - PCs locked securely to desks
   - Serial numbers of components recorded
   - Computers not visible from the street on the ground floor
   - Monitors not facing windows from any floor

2. What physical security measures do you take to protect your servers? (1 point each)
   - Kept in a secure room
   - Access restricted to authorized personnel
   - Adequate fire protection
   - Serial numbers of components recorded
   - Backup power source
   - Kept in a locked rack with access restricted to only the subset of people who need access to the systems in that particular rack

3. What security measures do you take to protect your notebook computers? (1 point each)
   - Transported in padded but nondescript bags
   - Secured by a cable lock when unattended
   - Components security marked
   - Encrypted data on the notebook computer

4. What physical security measures do you take to protect software and backups? (1 point each)
   - Application master disks and license documents kept securely
   - Backups stored in a fireproof safe or in a secure offsite location

5. Do you have a maintenance contract for your computer equipment?

6. When interviewing security or IT consultants and new staff members, it is a good idea to vet them (i.e., examine their background and qualifications). Do you vet your IT consultants and staff?

1. Have you ever opened a file in an email from someone you didn't know because it looked interesting?
   - Yes (-1 point)
   - No (1 point)

2. Which of the following defenses do you have operating on your business network? (1 point each)
   - Software updates installed as they become available
   - Virus definitions updated on a regular basis
   - Firewall installed and correctly configured
   - Centrally enforced strong password policy
   - Web browsing and email usage policy enforced
   - Secure connections for remote users
   - Secure wireless network
   - Regular backups

3. Do you regularly back up your data?
   - No
   - Yes (1 point)
   - Bonus point: and we test restoring the data periodically

4. Do you regularly test your backups by restoring them and verifying the restored data?

5. Are you running the latest versions of Microsoft Internet Explorer and Microsoft Outlook?

6. Do you use encryption on your wireless network?
Scoring

Less than 10: Seriously consider studying security issues and putting together a plan (or hiring someone else to do so).

11 to 20: You know you need security, but you don't have the skills, time, or confidence to do something about it. You are at serious risk, and you need to take steps to protect your business.

21 to 30: You are like many people. You have good intentions and have taken some measures but are mostly just hoping that something bad won't happen to you. There are steps you can take now that will transform your security from "barely adequate" to "good enough."

31 to 40: You're doing pretty well. Look through this guide and see if there's anything you've missed. There may be a few tricks you've overlooked and some risks you haven't considered.

41 to 50: You've done a great job. It's probably worth scanning this guide to see if there's anything you've overlooked. Don't forget about the need to keep reviewing your security and updating your plans.

Over 50 points: You could probably write a guide of your own.