CyberInsurance Questionnaire What is your password length/complexity/lockout policy?(Required)Don’t KnowComplex passwords requiredPasswords over 8 charactersLockout policy in placeNone of the aboveHow many days are passwords good for in your organization?(Required)Don’t KnowLess than 45 daysLess than 120 daysForeverDo you have encryption on device hard drives (bitlocker)?(Required)Don’t KnowYesNoHow often is anti-phishing training conducted for your employees?(Required)Don’t KnowAnnualQuarterlyMonthlyNeverWhat EDR (advanced end point detection and response) solution is used by your organization?(Required)Don’t KnowCarbonBlackCrowdstrikeCylanceCyber-reasonSentinelOneCheckpoint SandblastCisco AMPCynetF-SecureSophos InterceptMicrosoft Defender ATP (E5 license)Another EDRBasic Antivirus (i.e. Webroot/eset/Malwarebytes)No EDR or AVDescribe your VPN Setup, or any remote/terminal computer environments?(Required)Don’t KnowMFA required to VPNRDS gateway with MFAVPN without MFARDS gateway without MFANo VPN or Remote access to environmentHow is Remote Desktop Protocol (RDP) protected in your network?(Required)Don’t KnowRDP is offRDP is only used internallyRDP requires MFARDP Gateway in placeNone of the aboveWhat best describes your back-up storage?(Required)Don’t KnowFull system backup - local and cloud replicatedull system backup locallyFull system backup in the cloudFile system backup local/cloudN/AHow often are the applicant's critical systems and data files backed up?(Required)Don’t KnowContinuousMultiple times a dayDailyWeeklyMonthlyNo backupsHow often is the companies network fail-over and recovery procedure tested?(Required)Don’t KnowMonthlyQuarterlyAnnuallyN/AWhat is the extent of unsupported systems and applications in your network?(Required)Don’t KnowNo unsupported computers/applicationsLess than 1% of organizationLess than 3% of organizationGreater than 3% of organizationWhich protocols are used to authenticate the sender and content of emails?(Required)Don’t KnowSPFDKIMDMARCSPF & DKIMNoneWhat best describes your organizations patch management procedure?(Required)Don’t KnowWe don't patchWe patch when there is something criticalWe have a quarantine, evaluation and patching procedureAll patches are automated to install once releasedHow often are Vulnerability/Penetration Tests done?(Required)Don’t KnowAnnualQuarterlyMonthlyNeverHow is your IT Company or Managed Service Providers (MSP) access to the network controlled?(Required)Don’t KnowNo MSPMFA requiredApplication WhitelistingSecurity Assessment of MSPSeveral Security controls including aboveNone of the aboveWhat's the extent of your security events monitoring and logging?(Required)Don’t KnowNo monitoring / loggingIn house security teamMSSP (managed security service provider)In house fully managed SOCIn house SOC with SIEM/SOAR/UBAWhich Office 365 security add-ons are utilized by your organization?(Required)Don’t Know365 Not used365 ATP enabled365 MFA enabled365 ATP & MFA enabledOther security solutionDo you have a MDM (mobile device management) solution for phones that access corporate information?(Required)Don’t KnowYesNoHiddenTotal ScoreHiddenFind out more about your scoreEmail EmailThis field is for validation purposes and should be left unchanged.