How protected are you?
Cyber Security Self-Assessment
Answer seven quick questions and score your security across endpoints, identity, email, and backup, with a weak-spot map and next steps.
Answer yes or no across the areas attackers actually target. Be honest, the result is most useful when it reflects reality.
Endpoint & devices
- Every device is protected with managed EDR or antivirus.
- Systems are updated and patched automatically.
Identity & access
- MFA is enforced on all accounts.
- Admin rights are limited and reviewed.
Email, people & recovery
- Inbound email is filtered for phishing and spoofing.
- Staff receive regular security awareness training.
- You have tested, offsite backups.
Your maturity level
Four levels, from reactive firefighting to strategic advantage. Answer the questions to see where your business lands and what to do next.
What is a security self-assessment?
This security self-assessment scores your defenses across the areas attackers actually target, endpoints, identity, email, and backups. Most breaches at small and mid-sized businesses succeed through a handful of gaps: no MFA, unpatched devices, unfiltered email, or untested backups. The score shows where you are most exposed.
It scores seven controls across three areas, endpoint and devices, identity and access, and email, people and recovery, and places you on one of three levels:
- 1 Exposed
Attackers have easy paths in, the basics that stop most breaches are missing.
- 2 Some protection
Core defenses exist, but gaps in email, identity, or recovery remain.
- 3 Well protected
Strong posture, the common attack paths are covered.
Questions
- What does the security score mean?
- It rates your protection across endpoints, identity, email, and backup. A lower score flags where attackers are most likely to get in.
- How is the score calculated?
- You answer seven yes or no statements across endpoint and devices, identity and access, and email, people and recovery. Each yes adds to a score out of 100.
- What are the most important controls?
- MFA, managed EDR, automatic patching, email filtering, and tested backups stop the large majority of attacks on small and mid-sized businesses.
- How long does it take?
- About two minutes. You get your score, weak-spot map, and next steps immediately, with a full report by email.
- What happens after?
- You get a weak-spot map tied to specific bdManagedIT services, plus the option to book a first appointment to close the gaps.
- Is this a penetration test?
- No. It is a fast self-assessment of your controls. A deeper, documented review is part of our paid IT assessment.