Different businesses face different risks. Pick the one that fits you best — don't overthink it.
Service provider
Consulting, agencies, contractors, staffing
Product-based
Physical goods, manufacturing, distribution
Online shop
E-commerce, digital sales, subscriptions
Software / SaaS
Apps, platforms, digital products
Regulated industry
Healthcare, finance, legal, government
Nonprofit / other
Associations, charities, other organizations
Pick the one that fits best and we'll keep moving.
Is your website locked down?
Your website is usually the first thing customers see — and the first thing attackers poke at. A little maintenance goes a long way.
Updates happen regularly and someone checks it for issues
We have the basics and checkups are pretty hit or miss
I have no clue
We don't have a website
Go ahead and pick the one that fits best.
How well are you protected from phishing?
Check everything that applies to your organization.
Junk mail goes into our junk or spam folder
Our team knows what to do to spot a potential scam
We have no protections beyond our email provider
Not sure what's in place
We have had an incident
Select all that apply — you can pick more than one.
Please select at least one option before continuing.
If your business data disappeared tomorrow, what happens?
Think ransomware, a hacker encrypting your files and demanding payment, or a breach that wipes out everything — client records, financials, all of it. Gone.
We have a plan. I know who to call. (Ghostbusters!)
We'd figure it out but there will likely be alcohol and/or tears involved
Honestly, it would be chaos
Cry. Move to a new country. Change my name. Apply to jobs.
Go ahead and pick the one that fits best.
How do you handle passwords?
Check everything that applies to you or your team.
I use a password manager
I store them in my browser
We use shared accounts
I have a strong password I use everywhere
Complex passwords are hard to remember
I write passwords on a post-it
I use a variation of a password everywhere
Select all that apply — you can pick more than one.
Please select at least one option before continuing.
Do you use two-step login?
You might know this as MFA (multi-factor authentication) — it's that extra step after your password, like a code texted to your phone or generated by an app. Even if someone steals your password, they still can't get in. It stops the vast majority of account takeovers cold.
Yes — everything important requires that second step
Email, banking, cloud, admin accounts — all locked down with two-step login
Some things have it, but not everything
It's on a few accounts but there are definitely gaps we know about
One or two things have it — most don't
Pretty much everything is just a username and password
Nope, nothing has two-step login
It's passwords only across the board
I don't know what MFA is — this is new to me
Go ahead and pick the one that fits best.
Who in your organization can get to what?
Think about your systems, files, and accounts. Does everyone have access to everything — or do people only see what they actually need for their job? And when someone leaves the company, what happens to their access?
We're tight on this
People only access what they need for their role, access gets removed the day someone leaves, and we review it regularly
Mostly under control, but not perfect
We have some structure around it but reviews are infrequent and offboarding isn't always immediate
Most people have pretty broad access
We haven't really limited who can see what, and former employees might still have active accounts
Honestly, we're not sure who has access to what
No real process exists — it's grown organically and nobody's done a full audit
We're a small team and everyone needs access to everything — it's not really an issue for us
Go ahead and pick the one that fits best.
Want your results emailed to you?
Drop your name and email below and we'll send you a copy of your personalized report. Takes two seconds — no spam, we promise.
We need your name and a valid email to send your results.