IT Security Quicktest

18 questions for business owners and managers

Takes 5 minutes to complete.

🔑 Access & Accounts
1. Must your employees use passwords longer than 10 characters?
Applies to computers, email, and cloud services like Office 365 or Google.
2. Do employees log in with two steps — password plus phone confirmation?
Two-factor authentication (2FA, a form of MFA). Significantly reduces the risk of an account being taken over with a stolen password.
3. When an employee leaves, do you revoke all access within 24 hours?
Email, company cloud, shared folders, CRM, accounting…
4. Is the number of people with administrator privileges kept to a minimum?
Admin account = full access to everything. Fewer admins = lower risk.
💬 Story #1 — Employee departure
A sales director left on good terms. The company forgot to revoke his access. Six months later, he downloaded the customer database and took it to a competitor. All it took was one click on departure day — deactivate the account.
💻 Devices & Computers
5. Do all company computers and phones have automatic updates and antivirus enabled?
Includes employee phones if they access company data.
6. Is company data on laptops and phones encrypted?
BitLocker (Windows), FileVault (Mac). If stolen, no one can read the data.
7. Do you know what devices and software your company owns and uses?
Do you have an overview — at least an approximate list?
💾 Backups & Data
8. Do you back up company data automatically and regularly — at least weekly?
Automatic backup = runs without anyone having to remember.
9. Are backups stored in two different locations?
E.g. company server AND offsite or cloud. Fire or ransomware can destroy both at once.
10. Have you tested a backup in the last 12 months — actually tried restoring data?
A backup that has never been tested is just an assumption — not a certainty.
💬 Story #2 — Ransomware & backups
A hospital in Benešov was hit by ransomware in 2019. Attackers encrypted all data including the backup connected to the same network. Damage exceeded 50 million CZK. An offsite backup would have resolved it in hours.
📧 Email & Employees
11. Do you train employees — even once a year — to recognize phishing emails or fake invoices?
Phishing = an email that looks legitimate but aims to steal credentials or money.
12. Do employees know who to contact about a suspicious email or strange computer behavior?
Is there a clear reporting procedure in the company?
13. Do you know if your company email is protected against someone sending messages as you?
Technically: SPF, DKIM and DMARC. If unsure — answer DON'T KNOW, an IT specialist can check in 10 minutes.
💬 Story #3 — Fake invoice
An accountant received an email seemingly from the CEO: "Please send 180,000 CZK to this account, I'm traveling." The money was sent. The CEO never wrote it — the attacker spoofed the email address. The whole thing took 4 minutes. Proper email domain settings (DMARC) prevent this and cost zero.
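For question 13 and the story above, an added example (not part of this quiz) of the kind of ten-minute check an IT specialist would do: it parses the SPF and DMARC TXT records a domain publishes in DNS and reports whether spoofed mail is actually blocked. The record strings are constructed samples; a live check would fetch them with a DNS TXT lookup of the domain and of `_dmarc.<domain>`.

```python
"""Rate a domain's SPF and DMARC records for spoofing protection.
Added example; records below are constructed samples, not live DNS data."""

def parse_spf(txt):
    """Return (status, reason) where status is 'ok', 'weak' or 'missing'."""
    if not txt or not txt.lower().startswith("v=spf1"):
        return ("missing", "no SPF record published")
    terms = txt.split()[1:]
    # The last 'all' mechanism decides what happens to senders not listed.
    all_terms = [t for t in terms if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:  # 'redirect=' modifiers are not followed in this simple check
        return ("weak", "no 'all' mechanism; unlisted senders are treated as neutral")
    last = all_terms[-1]
    qualifier = last[0] if last[0] in "+-~?" else "+"  # bare 'all' means '+all'
    if qualifier == "+":
        return ("weak", "+all lets anyone send as this domain")
    if qualifier == "?":
        return ("weak", "?all is neutral; gives no protection")
    return ("ok", f"{last} fails or soft-fails unlisted senders")

def parse_dmarc(txt):
    """Return (status, reason) for a DMARC TXT record from _dmarc.<domain>."""
    if not txt or not txt.lower().startswith("v=dmarc1"):
        return ("missing", "no DMARC record published")
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy == "none":
        return ("weak", "p=none only monitors; spoofed mail is still delivered")
    if policy in ("quarantine", "reject"):
        pct = tags.get("pct", "100")  # policy may be applied to only a fraction
        if pct != "100":
            return ("weak", f"p={policy} applies to only {pct}% of mail")
        return ("ok", f"p={policy} blocks or quarantines spoofed mail")
    return ("missing", "DMARC record has no valid policy tag")

def spoofing_protection(spf_txt, dmarc_txt):
    """Domain counts as protected only when both SPF and DMARC are enforcing."""
    spf, dmarc = parse_spf(spf_txt), parse_dmarc(dmarc_txt)
    return {"protected": spf[0] == "ok" and dmarc[0] == "ok", "spf": spf, "dmarc": dmarc}

# Constructed sample records for three hypothetical domains.
SAMPLES = {
    "enforcing": ("v=spf1 include:_spf.example.net -all", "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"),
    "monitor-only": ("v=spf1 include:_spf.example.net ~all", "v=DMARC1; p=none"),
    "nothing": ("", ""),
}

if __name__ == "__main__":
    for name, (spf, dmarc) in SAMPLES.items():
        print(name, spoofing_protection(spf, dmarc))
```

Only the "enforcing" sample is reported as protected; a DMARC policy of `p=none` is the most common reason a domain that "has DMARC" still lets the fake-invoice email through.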
⚠️ Did you know?
If customer or employee data leaks, you face government fines. Under GDPR, realistically 200,000 – 2,000,000 CZK for a small or medium business. You must report an incident within 72 hours. Total cost of a single incident in the Czech Republic typically ranges from 500,000 – 5,000,000 CZK.
🌐 Network & Remote Access
14. Do visitors and guests connect to a different Wi-Fi network than employees?
Shared Wi-Fi = a guest reaches the same network as your servers and computers.
15. If employees work remotely, do they access company systems via VPN?
VPN = encrypted connection as if the employee were in the office. Without VPN, data is transmitted insecurely.
📋 Processes & Preparedness
16. Does your company have a written plan for what to do in case of a cyberattack?
Who calls whom, what steps to take, where are backups. Even a one-page document is better than nothing.
17. Do you know which vendors have access to your systems or data?
Accounting firm, IT vendor, web admin… Do you know who has access to what?
18. Has your company had an external security audit in the last two years?
An independent review reveals gaps that are invisible internally.