Q1: Your workplace habits
Do you have old used CDs or USB sticks lying around your desk, car or work bag?
Do you have paperwork with identifiable personal data or client sensitive data on your desk?
Do you have project data on your laptop/desktop screen or lying around that is either PI or data sensitive to your client?
Does your computer screen stay active for more than 3 minutes if not in use?
Q2: What are your IT passwords like?
Is it fewer than 8 characters?
All caps or lower case?
All numerical?
Is it older than 6 months (since it was last changed)?
Is it the same password used for other devices or accounts (such as bank account, social media etc.)?
Q3: How well do you manage your mobile phone?
Do you have a shared use business/private phone?
Do you have non-work-related apps on your work phone?
Do you allow other people (kids etc.) to use your phone from time to time; e.g. play games?
Does your phone have the same PIN that it had 12 months ago?
Does your phone have security updates not yet installed?
Q4: How secure is your client data?
Are project folders from 30 months ago or more still sitting in the Client Folder System (not yet archived)?
Are emails still in your inbox from projects completed 30 months ago?
Has all personal information from project files (still on your computer) been de-identified?
Do you have client sensitive information as attachments in emails (accessed from your mobile phone)?
Q5: Your home and your car are not workplaces, but:
Do you have project information (paperwork, USB sticks/CDs or other sources) from current projects or last year's completed projects at home or in your car?
Do you put your laptop / iPad bag on your front or back seat when driving home?
Is your work laptop / iPad, when at home, accessible to other family members, friends or visitors?
Do your kids or partner know your laptop or mobile phone passwords?
When working from home, do you use a home computer and does work information get saved onto it whilst working from home?
Has your home or your neighbour’s home/car ever been broken into?
How did you go?
A YES response means you are a cyber risk.
Change your practices to convert the "yes" responses to "no".
A NO response indicates secure practices in place and you are NOT a cyber risk.