What is your business name? *

What industry are you in? *

What are your main cybersecurity concerns? *

How many employees in total does your business have? *

Do you ever employ contractors? *

Do you ensure that any devices and software you use for your business are kept up-to-date with the latest updates? *

First think about desktops, laptops, tablets and phones and then think about the operating systems they use - like Windows, MacOS, Android or iOS - and the apps or software on them like Outlook, Chrome, Firefox etc

Is your customers' data stored on a system that your business uses? *

You might just use an Excel or Google Sheets spreadsheet, for example, or Customer Relationship Management (CRM) or Accountancy software like Hubspot, Xero, Zoho, FreeAgent etc

Do you have a documented cybersecurity policy? *

This could be as short as 2 sides of A4 or many pages, but it essentially means you have thought about the systems you use, who uses them, how they\'re accessed, how you keep unwanted visitors out AND that you are set up to review that every year, for example, as your business changes

Have you (or any employees) gone through any cybersecurity training? *

We are talking about training from reputable sources such as the National Cyber Security Centre (NCSC)

Do you have up-to-date antivirus and anti-malware software installed and working on all the devices you use for work? *

Think about all the devices you use for your business and then think if and when you last installed or updated antivirus software on them. If that was more than 3 months ago, you are starting to fall behind

Do you back up your business and customer data regularly? *

This could be copies of data that you save to a physical hard drive that you then remove from the space you do business in (whether at home or in an office) or data that is backed-up to a cloud data storage service e.g. OneDrive, iCloud, Dropbox etc

Do you have a process for response and recovery in the event of a cyber incident? *

Again this only needs to be a short document for a sole trader or very small business but it shows that you have researched and then thought about what you and your business would do if you were hit by a cyber attack

Do you take online or in-person card payments from customers? *

Do you use a firewall to protect your home or office network? *

The box at your home or office that plugs into the broadband socket in the wall is your broadband router. If you have had a new one in the last 5 years, the chances are that it came pre-installed with a firewall switched-on. If not, or if you know you have changed the firewall settings, please answer 'no'

Do you use strong passwords and enforce regular password changes? *

Strong passwords contain a mix of a minimum 15 characters, numbers and symbols that you only use once per account or device. Passwords in businesses should be changed frequently e.g. every 90 days

Do you control access to sensitive data (e.g. user permissions)? *

Sensitive data doesn't just mean payment data, it means anything that the UK's GDPR (Data Protection) laws apply to e.g. the ability to be able to identify an individual by virtue of the data held which could be as simple as post code, date of birth, house number, email address etc

Do you use any encryption methods to protect customer and other sensitive data? *

Encryption means that data you hold is only visible to someone on your system or who has access to your account(s). Some online services, such as OneDrive, encrypt data by default but, other hardware e.g. a Windows or Mac computer does not do so by default

Do you use wi-fi for your business in your own office or at home? *

Are any such networks secured with a strong password and WPA2 or WPA3 encryption? *

If you have a broadband router that is around 5 years old or less, then it is likely to have WPA2 encryption - older devices might not. Only new broadband routers from the last 12-18 months will generally have WPA3 encryption by default. Even then, have you changed the default password that came with the router?

Do you use a shared office or co-working space? *

Does that shared office space have a wi-fi network that you use for business? *

Do you use a Virtual Private Network (VPN) in that shared office space to protect your business (and customer) data? *

VPNs provide a safe "tunnel" for you to communicate freely via a broadband connection. They are usually an app or a software program on a device, but can be a hardware "box" that does the same job

Do you use any third-party applications or cloud storage services? *

Here we are referring to services like Xero, FreeAgent, Dropbox, OneDrive etc

Do you have any security controls in place for these services? *

Although you might be the only, or one of 2 or 3 that has direct access to those services for your business, do you limit the access and control that third parties, such as accountants, only to what they actually need?

Has your business ever experienced a cyber incident (e.g. data breach, malware infection)? *

Did you take any steps to improve your business resilience to another cyber attack as a result? *

Why not? *