Step 1 of 6 16% Company InformationCompany Name:(Required)Your Name:(Required)Your Title:(Required)User Count:(Required)Workstation Count:(Required)Server Count:(Required)Number of Locations:(Required)What type of sensitive information does your team handle, access, or store? Check all that apply, including employee data as well as client data.(Required) Personal data Social security numbers Employment data Driver’s license numbers Credit card numbers Banking and/or investment data Health care information Medical records or medical history Intellectual property Unsure Do you allow any of the above information to be e-mailed?(Required)YesNoUnsureNot ApplicableDo you allow any of the above information to be stored or transmitted in cloud file-sharing applications like Dropbox, Google Drive, etc.?(Required)YesNoUnsureNot Applicable Microsoft 365The following questions are applicable if your company uses Microsoft 365.Do you use Microsoft 365 for email or file storage?(Required)YesNoOnce logged into Microsoft 365 do you have an 'Admin' application? It is a little A with a gear next to it.(Required)YesNoNot ApplicableWhen you log into your account are you prompted for a code that is sent to your cell phone or shows up on an application on your cell phone?(Required)SometimesAlwaysNeverNot Applicable BackupsThis section covers questions about your company's backups.Does your current IT support provide you evidence that they are performing test restores of your data?(Required)DailyWeeklyMonthlyQuarterlyAnnuallyNeverNot ApplicableEducationThe following questions about your company's current training programHow often does your team receive simulated phishing training?(Required)WeeklyMonthlyQuarterlyAnnuallyNeverNot ApplicableHow often does your team receive security training?(Required)MonthlyQuarterlyAnnuallyNeverNot Applicable InsuranceThe following questions should be asked about their current insurance policies.Do you have a cyber liability insurance policy?(Required)YesNoUnsureNot ApplicableDo you have crime insurance?(Required)YesNoUnsureNot ApplicableHow recently have you evaluated the level of cyber insurance carried by your organization to verify if it is adequate to protect your organization and your clients or patients from financial loss?(Required)90 Days180 Days1 Year3 YearsI Don't Know PoliciesThe following questions should be asked about their current office policies.Do you have a work from home policy that includes safeguards for client, patient and organization data?(Required)YesNoNot ApplicableDo employees sign off that they have read and understand these policies?(Required)YesNoUnsureNot ApplicableWhat cyber security policies are being used in your office?(Required) Acceptable Use Policy Password Policy Data Confidentiality Policy Mobile Device Policy Bring Your Own Device (BYOD) Policy Incident Response Policy Backup and Disaster Recovery Plan Business Continuity Plan Remote Access Policy IT Asset Disposal Policy Security Awareness Policy 3rd-Party Access Policy Removable Media Policy (USB Drives/Sticks) User Termination Policy I don’t know if we have any of these Do you have a “clean desk” policy asking employees to not leave sensitive documents lying on their desk when unattended?(Required)YesNoUnsureNot ApplicableWhere do you store your list of user credentials (username and passwords)?(Required)How would you currently rate the cyber security software deployed to protect personal and organization data from attacks such as phishing and ransomware?(Required)PoorBelow AverageAverageGoodExcellentHow often do you have a 3rd party analysis of your network security controls?(Required)MonthlyQuarterlyBiannuallyAnnuallyNever Confidentiality & Non-Disclosure AgreementIn an ongoing effort to protect the world from hackers, The Miller Group, LLC (“TMG”) will perform a Network and Workstation Vulnerability Assessment for your organization (“Client”). As part of the assessment, TMG will run a small utility on your network which will help TMG quickly gather system information about Client users, computers, and network configuration. This data will enable TMG to provide a real-time report on Client’s current security posture. TMG will also include information on potential problem areas on the edges of Client’s network, locations of personally identifiable information, as well as passwords found during this assessment. TMG will schedule a post assessment meeting to review the findings and identify the most important areas to focus future efforts. During the vulnerability assessment, TMG may discover proprietary technical or business information (“Confidential Information”). Any such Confidential Information discovered is incidental and only in possession of TMG for the purposes of identifying risks and ultimately securing Client data from unwanted third parties. At no time shall TMG’s possession of the Confidential Information be considered to have provided TMG with any right or interest in the Confidential Information. TMG will maintain the Confidential Information using a commercially prudent degree of care at least equal to the degree of care Client uses to protect its own information TMG and the client retain their respective ownership of any confidential information that is disclosed during this Vulnerability Assessment and the resulting post assessment meeting.I Agree(Required) I have answered the provided questions to the best of my ability.I Agree(Required) I agree to the above Confidentiality & Non-Disclosure Agreement.
