How frequently do you conduct interactive phishing training for all employees?

Do you enforce multi-factor authentication (MFA) for all user accounts (other than Domain Administrator accounts) when accessing your network remotely?

MFA includes but is not limited to the following: a call, SMS, push notification, time-based one-time password, OATH token, hardware token, device pinning, authenticator apps, biometrics, or a FIDO2 key (e.g., YubiKey, RSA SecurID).

“User accounts” include employees and (where applicable) students, volunteers, interns, third-party contractors, and any other persons with a user account on your network.

Do you permit users remote access to web-based email (e.g., Outlook Web Access (OWA))?
If “Yes”, do you enforce MFA for access to web-based email?

Do you rely on a cloud-based service as your backup location?
If “Yes”, is your cloud-based backup service a “syncing service” (e.g., Dropbox, OneDrive, SharePoint, Google Drive)?
If “Yes”, have you determined how long it would take to restore all of your data from the cloud?

How frequently do you perform a test restoration from backups?

Have you had any cyber claims or data breach claims in the last five years?