Cybersecurity Self-Check: Would You Pass the Basics?
When most people hear “cybersecurity,” they picture hackers in hoodies, complicated software, or something only the IT team worries about. But here’s the truth: keeping a business secure isn’t just about technology; it’s about people. And that includes you.
The majority of cyberattacks on small businesses start with a simple mistake by an employee: clicking a bad link, reusing a weak password, or not knowing what to do when something looks suspicious.
So let’s flip the script. Instead of asking, “Is our company secure?” ask yourself: “Would I pass a cybersecurity basics check?”
Take this quiz to find out. Keep score as you go, then check your results at the end.
Part 1: Passwords & Accounts
- Do you use multi-factor authentication (MFA) to log in?
  - Yes, everywhere I can. (2 Points)
  - Only on some accounts. (1 Point)
  - No, just a password. (0 Points)
- When someone leaves the company, is their access shut off right away?
  - Yes, it’s part of the process. (2 Points)
  - Usually, but sometimes delayed. (1 Point)
  - Not sure or not consistent. (0 Points)
- Do you share logins with coworkers?
  - Never—I use my own account. (2 Points)
  - Occasionally, but only for convenience. (1 Point)
  - Often—we just pass around credentials. (0 Points)
Why it matters: If accounts are shared, or if MFA isn’t turned on, hackers don’t need to be brilliant—they just need one stolen password.
Part 2: Data & Backups
- If your files disappeared today, could you get them back from a backup?
  - Yes, we have backups and I trust they work. (2 Points)
  - Maybe—we back up sometimes. (1 Point)
  - No idea. (0 Points)
- Have you ever seen (or been part of) a “test restore” to make sure backups actually work?
  - Yes, recently. (2 Points)
  - I’ve heard of it, but not sure. (1 Point)
  - Never. (0 Points)
- Do you know if sensitive files (like customer info or payroll data) are protected or encrypted?
  - Yes, they’re secure. (2 Points)
  - Sometimes. (1 Point)
  - Not sure. (0 Points)
Why it matters: A backup is like a safety net. If nobody’s checked the net lately, are you sure it will catch you?
Part 3: Email & Devices
- Have you ever clicked on a suspicious email link “just to see”?
  - Never—I delete or report it. (2 Points)
  - Once or twice, but I caught it quickly. (1 Point)
  - More than once, and I wasn’t sure what to do. (0 Points)
- Is antivirus or security software running on your computer and phone?
  - Yes, and I keep it updated. (2 Points)
  - Yes, but I’m not sure if it’s up-to-date. (1 Point)
  - No idea. (0 Points)
- Do you install updates when your computer or phone prompts you?
  - Yes, right away. (2 Points)
  - Eventually, when it’s convenient. (1 Point)
  - Rarely—I click “remind me later.” (0 Points)
Why it matters: Hackers often use old, unpatched weaknesses to sneak in. Clicking “remind me later” too many times is like leaving your windows unlocked.
Part 4: People & Habits
- Does your company have a clear cybersecurity policy?
  - Yes, and I’ve seen it. (2 Points)
  - I think so, but I’m fuzzy on details. (1 Point)
  - No idea. (0 Points)
- Do you get regular cybersecurity training (like phishing tests or short courses)?
  - Yes, at least once or twice a year. (2 Points)
  - Rarely. (1 Point)
  - Never. (0 Points)
- Do you know how to report a suspicious email, text, or call?
  - Yes, and I’ve done it. (2 Points)
  - Sort of, but not clear on the steps. (1 Point)
  - No, I wouldn’t know who to tell. (0 Points)
Why it matters: Hackers count on employees not knowing what “weird” looks like—or what to do about it. A quick report can stop an attack in its tracks.
Part 5: When Things Go Wrong
- Do you know what you’d do first if your computer was hacked or infected with ransomware?
  - Yes, I’d unplug/stop and call IT immediately. (2 Points)
  - Maybe—I’d probably just restart. (1 Point)
  - No idea. (0 Points)
- Does your company have cyber insurance (and does it affect what you need to do)?
  - Yes, and I know the basics. (2 Points)
  - I think so, but unsure. (1 Point)
  - No clue. (0 Points)
- Has your company ever done a “fire drill” for a cyberattack?
  - Yes, and I was part of it. (2 Points)
  - I’ve heard of it, not involved. (1 Point)
  - Never. (0 Points)
Why it matters: In a crisis, confusion equals wasted time. And in cybersecurity, time is money.
Scoring Time
24–30 points: Cyber-Savvy
You’re doing great! You know what to watch for and how to respond. Keep sharpening your skills; you’re part of the solution.
15–23 points: Some Gaps
You’re on the right track, but there are weak spots. Hackers love weak spots. Learn your company’s reporting process, stay on top of updates, and never skip training.
0–14 points: Cyber Risky
You (and your company) are wide open to attack. Don’t panic; start small. Learn how to spot phishing, turn on MFA, and ask IT about reporting suspicious activity.
What Employees Can Do Next
Cybersecurity isn’t just “an IT problem.” Every click, every password, every decision matters. Here are a few things you can do right now:
- Turn on MFA for your accounts—it’s like adding a deadbolt.
- Don’t ignore updates. Those little pop-ups exist for a reason.
- Think before you click. If an email feels off, it probably is.
- Report it fast. Don’t hesitate—better safe than sorry.
- Stay curious. Training isn’t a chore; it’s a safety net.
At the end of the day, cybersecurity isn’t about being perfect. It’s about being aware, careful, and ready to act. Small businesses succeed when every employee feels responsible for protecting the business, its customers, and its reputation. So, would you pass the basics?
Eric Anderson is the President of MALA Technology Advisors, a trusted technology consultancy and brokerage focused on helping organizations modernize, stay agile, and lead with confidence in an increasingly complex digital world. He can be reached at eanderson@malatechadvisors.com