Skip to main content
New: free AI Readiness Assessment, see where your business stands
bdManagedIT

How protected are you?

Cyber Security Self-Assessment

Answer seven quick questions and score your security across endpoints, identity, email, and backup, with a weak-spot map and next steps.

Exposed Some protection Well protected

Answer yes or no across the areas attackers actually target. Be honest, the result is most useful when it reflects reality.

Progress0 / 7

Endpoint & devices

  • Every device is protected with managed EDR or antivirus.
  • Systems are updated and patched automatically.

Identity & access

  • MFA is enforced on all accounts.
  • Admin rights are limited and reviewed.

Email, people & recovery

  • Inbound email is filtered for phishing and spoofing.
  • Staff receive regular security awareness training.
  • You have tested, offsite backups.

Your maturity level

Four levels, from reactive firefighting to strategic advantage. Answer the questions to see where your business lands and what to do next.

Exposed
Some protection
Well protected

What is a security self-assessment?

This security self-assessment scores your defenses across the areas attackers actually target, endpoints, identity, email, and backups. Most breaches at small and mid-sized businesses succeed through a handful of gaps: no MFA, unpatched devices, unfiltered email, or untested backups. The score shows where you are most exposed.

It scores seven controls across three areas, endpoint and devices, identity and access, and email, people and recovery, and places you on one of three levels:

  1. 1 Exposed

    Attackers have easy paths in, the basics that stop most breaches are missing.

  2. 2 Some protection

    Core defenses exist, but gaps in email, identity, or recovery remain.

  3. 3 Well protected

    Strong posture, the common attack paths are covered.

Questions

What does the security score mean?
It rates your protection across endpoints, identity, email, and backup. A lower score flags where attackers are most likely to get in.
How is the score calculated?
You answer seven yes or no statements across endpoint and devices, identity and access, and email, people and recovery. Each yes adds to a score out of 100.
What are the most important controls?
MFA, managed EDR, automatic patching, email filtering, and tested backups stop the large majority of attacks on small and mid-sized businesses.
How long does it take?
About two minutes. You get your score, weak-spot map, and next steps immediately, with a full report by email.
What happens after?
You get a weak-spot map tied to specific bdManagedIT services, plus the option to book a first appointment to close the gaps.
Is this a penetration test?
No. It is a fast self-assessment of your controls. A deeper, documented review is part of our paid IT assessment.