Cyber Security Healthcheck
John Shergill
2022-09-26T16:04:06+10:00
Name * (First, Last)
Clinic Name *
Email *
Phone Number *
Do you have a cyber security policy for your clinic?
Yes
No
Unsure
Do you have any cyber security awareness posters around the clinic?
Yes
No
Unsure
Do you have an internal person or external company who is responsible for your clinic's cyber security?
Yes
No
Unsure
How often is cyber security discussed with key personnel?
Often
Rarely
Never
Do you currently have cyber insurance?
Yes
No
Unsure
Has your clinic ever experienced a cyber security incident?
Yes
No
Unsure
Do you have a formal Information Security (IS) document which lists information confidential to your clinic and how this information should be handled by staff?
Yes
No
Unsure
Do you have a simple process to audit third parties for their cyber security resilience before sharing confidential information?
Yes
No
Unsure
Have you identified mission-critical information and services that would cause significant disruption to your clinic if interrupted or lost?
Yes
No
Unsure
Do you have an inventory of all devices / phones / computers and details of what confidential information each holds?
Yes
No
Unsure
Do you have encryption enabled on all devices, and a policy to ensure that all new devices have encryption enabled by default?
Yes
No
Unsure
Do you have a formal process when disposing of old computers or mobile phones?
Yes
No
Unsure
Do you centralise management and configuration of all computers?
Yes
No
Unsure
Do you have network segmentation implemented to separate critical areas from non-critical areas (such as Guest networks)?
Yes
No
Unsure
Do you regularly change access details for all networking devices?
Yes
No
Unsure
Do you monitor network traffic for abnormal activity?
Yes
No
Unsure
Do you store access and activity logs for network devices?
Yes
No
Unsure
Have you performed a penetration test in the past 18 months?
Yes
No
Unsure
Do you have any intrusion detection / prevention systems in place?
Yes
No
Unsure
Do you have restrictions to limit what type of applications an employee can run on their company computers?
Yes
No
Unsure
Do you have an internal or external provider regularly applying software patches / system updates?
Yes
No
Unsure
Have you disabled default macro functions in Microsoft Office applications? (eg: Excel / Word / PowerPoint)
Yes
No
Unsure
Have you investigated application-specific settings to harden default security settings? (eg: web browsers and operating systems)
Yes
No
Unsure
If you use cloud storage for any documents (eg: Dropbox, Google Drive), do you have two-factor authentication enabled?
Yes
No
Unsure
If you use a cloud-based CRM, do you have two-factor authentication enabled?
Yes
No
Unsure
Do you use a password manager?
Yes
No
Unsure
Do you enforce the use of strong and unique passwords?
Yes
No
Unsure
Do you have a policy or process around how removable media (eg: USB drives) should be used and what information can be copied onto these drives?
Yes
No
Unsure
Do you use removable media regularly?
Yes
No
Unsure
Do you enforce two-factor authentication for webmail access?
Yes
No
Unsure
Do you have SPAM and anti-virus filtering enabled for inbound email?
Yes
No
Unsure
Do you have an acceptable email use policy?
Yes
No
Unsure
Do you have outgoing policies in place to ensure large volumes of data (eg: Excel, zip files) cannot be sent?
Yes
No
Unsure
Do you have website filters in place to restrict access to websites that may be harmful to your organisation? (eg: torrents / gambling)
Yes
No
Unsure
Do you have an acceptable internet use policy?
Yes
No
Unsure
Do you have an active anti-virus service?
Yes
No
Unsure
Is the anti-virus centrally managed and are updates applied regularly?
Yes
No
Unsure
Do you have an offline copy of critical domain name details? (eg: renewal dates / domain keys)
Yes
No
Unsure
Do you have an offline copy of critical website hosting details? (eg: server location / FTP access details)
Yes
No
Unsure
Do you complete regular malware scans of your website?
Yes
No
Unsure
Does your website collect payment information?
Yes
No
Unsure
Are you confident that staff are cyber aware and understand cyber risks to the organisation?
Yes
No
Unsure
Would staff know how to identify a spear phishing email?
Yes
No
Unsure
Have staff ever completed cyber security training?
Yes
No
Unsure
Do you have a VPN set up for staff to connect to the office remotely?
Yes
No
Unsure
Do you have guidelines for staff to use their personal computers to access your clinic's systems and data?
Yes
No
Unsure
Do you have a recovery plan that sets out who is responsible for what and who has access to recovery data?
Yes
No
Unsure
Do you perform regular backups of computers and servers?
Yes
No
Unsure
Do you test the integrity of backups on a regular basis?
Yes
No
Unsure
Are you aware of what notification you are required to send to customers should you experience a breach?
Yes
No
Unsure
Do you maintain computer / server logs to investigate a breach should one occur?
Yes
No
Unsure
Do you have a basic plan of action (incident response plan) which outlines roles and responsibilities should you experience a cyber incident?
Yes
No
Unsure
Have you specifically investigated your legal risk relating to cyber security?
Yes
No
Unsure
Have you specifically investigated your regulatory obligations in relation to cyber security?
Yes
No
Unsure
Do you have a physical firewall in the clinic?
Yes
No
Unsure
How many devices such as computers and laptops do you have in the clinic?