What email system do you use? *
Microsoft 365 (business account)
Google Workspace (business account)
Gmail (free, personal)
Webmail via hosting (cPanel, etc.)
Other / not sure
Do staff use multi-factor authentication (MFA / 2FA)?
Yes — enforced for everyone
Yes — but only some staff use it
No — not set up
Not sure what MFA is
Are shared passwords used (e.g. everyone knows the same password)?
Yes — we share passwords for some systems
No — everyone has individual logins
Mixed — some shared, some individual
Not sure
Does the business use a password manager?
Yes (e.g. 1Password, Bitwarden, LastPass)
No — passwords stored in spreadsheets or memory
Some staff do, some don't
Not sure
What devices does the business use? *
Mainly Windows PCs / laptops
Mainly Apple Macs / MacBooks
Mix of Windows and Mac
Mainly phones and tablets
Mix of laptops and phones
Is antivirus / endpoint protection installed?
Yes — on all devices
Yes — on some devices
No — we rely on built-in Windows Defender
No — nothing installed
Not sure
How is your office internet connected?
— Optional —
Fibre with a business router
Fibre with a home/consumer router
Mobile data / LTE
Mixed — some fibre, some mobile
Not sure
Is there a guest Wi-Fi separate from business Wi-Fi?
— Optional —
Yes — separate guest network
No — everyone uses the same network
We don't have Wi-Fi / not applicable
Not sure
How is important business data backed up? *
Automatic cloud backup (Google Drive, OneDrive, Dropbox, etc.)
Manual backup to external hard drive
Server backup (on-site)
No backup in place
Not sure if backups are working
When was a backup last actually tested / restored?
— Optional —
Within the last 3 months
3–12 months ago
More than a year ago
Never — never tested a restore
Not sure
What data would be most damaging to lose or have stolen?
Has the business experienced any security incidents?
— Optional —
Yes — ransomware or malware attack
Yes — phishing email that was clicked
Yes — unauthorised access to accounts
Yes — data was lost or stolen
No known incidents
Not sure
Have staff received any cybersecurity awareness training?
— Optional —
Yes — formal training in the last year
Informally — we've discussed it
No training in place
Not applicable — just me
Any specific concerns or recent issues you'd like the audit to focus on?