Echo Hill Security – Cybersecurity Assessment
This assessment provides a practical review of key cybersecurity and security awareness controls aligned with NIST CSF, ISO 27001, SANS, ISACA, Microsoft Secure Score, and (ISC)². It is designed for small and mid-sized businesses seeking to evaluate and improve their cybersecurity posture. Respond to each question with Yes, Partially, or No.

    Email *
    Company Name *
    Business website URL (e.g., www.example.com) *
    Access Code *
      Enter the code provided by Echo Hill Security. Without it, your report cannot be generated.
    Remind me in 90 days to retake the assessment.
    Identity & Access Management
    1.  Do all employees use unique accounts (no shared logins)? *
    2.  Is multi-factor authentication (MFA) required for email, cloud, and remote access?
    3.  Are user accounts promptly disabled when staff leave the organization?

    Data Protection
    4.  Is sensitive data (customer, financial, health, etc.) identified and classified?
    5.  Is sensitive data encrypted both at rest (stored) and in transit (sent over the internet)?
    6.  Are regular backups performed, stored securely, and tested for recovery?

    Devices & Endpoints
    7.  Are all company computers and mobile devices kept up to date with patches?
    8.  Is antivirus or endpoint protection software deployed and active on all devices?
    9.  Are personal/BYOD devices controlled by policy or mobile device management (MDM)?

    Network & Cloud Security
    10.  Is your office or facility Wi-Fi protected with WPA2/WPA3 and a strong password?
    11.  Is a firewall in place and configured to block unauthorized access?
    12.  Are logs or alerts reviewed for suspicious activity on networks or cloud platforms?

    Awareness & Training
    13.  Do employees receive cybersecurity awareness training at least once per year?
    14.  Are simulated phishing tests or practical exercises conducted with staff?
    15.  Is there a simple process for employees to report suspicious emails or activity?

    Compliance & Governance
    16.  Does your business have written security or acceptable use policies?
    17.  Is a risk assessment conducted at least annually to identify new threats?
    18.  Do you review vendor/cloud provider security before sharing sensitive data?
    19.  Is there an incident response plan in place (who to contact, what steps to take)?
    20.  Has your business reviewed cyber insurance coverage or legal obligations (e.g., state data breach laws)?