Do all employees use strong, unique passwords stored in a password manager?

Have you enforced Multi-Factor Authentication (MFA) for critical business accounts?

Do employees use business-managed accounts instead of personal accounts for work?

Do you have a policy requiring password rotation and account audits?

Is your Wi-Fi secured with a strong password (WPA2 or WPA3)?

Do you have a separate guest Wi-Fi with its own strong password?

Do employees use their own username/password to connect to the office Wi-Fi for security and identity?

Does your network use a DNS-based security solution to block malware, phishing, botnets, and other threats?

Do you keep IoT devices secure in a separate network zone (e.g., printers, cameras, etc.)?

Do you monitor network activity to understand what’s going on? Do you conduct regular assessments and have reports available?

Do you know which devices are connected to your network at any given point?

Is there a firewall (hardware/software) protecting your network from unauthorized traffic?

Are all company devices protected with antivirus or EDR?

Do employees use only company-approved devices for work?

Are devices encrypted to prevent data theft?

Do you enforce automatic OS and software updates?

Are USB and removable storage devices restricted or monitored?

Is your business email protected with spam filtering and anti-phishing?

Do you conduct phishing awareness training for employees?

Have you implemented DKIM, DMARC, and SPF to prevent email spoofing?

Do you perform automated backups of business-critical data?

Is your backup strategy following the 3-2-1 rule?

Are sensitive business files encrypted at rest and in transit?

Have you tested data recovery procedures?