Digital Awakening

1. Do all employees use strong, unique passwords for their work accounts, and do you encourage the use of a password manager?

2. Is Multi-Factor Authentication (MFA or 2FA) enabled on critical accounts (e.g., email, banking, cloud storage)?

3. Are operating systems (Windows, MacOS, etc.) and essential software (web browsers, office suites) regularly updated to the latest versions on all company devices?

4. Do you regularly back up important business data (e.g., customer files, financial records), and have you recently tested if these backups can be successfully restored?

5. Is your primary business Wi-Fi network secured with a strong password (e.g., WPA2/3) and is it separate from any guest Wi-Fi network you might offer?

6. Are your employees aware of phishing risks, and do you have measures in place (e.g., spam filters, employee training) to mitigate email-based threats?

7. Is reputable antivirus or anti-malware software installed and kept up-to-date on all computers and servers used for business?

8. Have your employees received any basic cybersecurity awareness training or guidelines in the last 12 months?

9. Do you have clear procedures for what to do if a company device (laptop, phone) is lost or stolen (e.g., remote wipe capability, reporting procedure)?

10. Do you maintain a basic inventory of your critical IT assets (e.g., key computers, servers, important software, customer databases)?

11. Have you identified the primary digital risks that could seriously impact your business operations (e.g., data breach, ransomware attack, system failure)?

12. Do you limit employee access to data and systems based on their job roles and responsibilities (i.e., they only have access to what they strictly need)?

13. Do you have a basic plan or set of steps to follow if a significant cybersecurity incident occurs (e.g., who to contact, initial actions to take)?

14. Have you considered how your business would continue to operate essential functions if your main IT systems were unavailable for an extended period?

15. When working with key suppliers or partners who handle your data or connect to your systems, do you consider their cybersecurity practices?

16. Do you have any written (even if simple) cybersecurity rules or guidelines for your employees?

17. Is cybersecurity and its potential impact on the business discussed at the management or leadership level within your company?

18. Does your business use any AI-powered tools for screening job applications, assessing candidates, or employee performance monitoring?

19. Does your business use AI-powered chatbots or virtual assistants to interact with customers?

20. Does your business use AI tools to analyze customer data for behavior patterns, preferences, or to make predictions (e.g., for targeted marketing, churn prediction)?

21. Does your business use AI in core operational processes such as for optimizing logistics, predictive maintenance, or automated quality control in production?

22. If applicable, does your business use AI systems for making significant financial decisions like loan approvals, credit scoring for customers, or fraud detection in financial transactions?

23. If your business uses AI to generate content (text, images, video) for external communication (e.g., marketing, reports), are you aware of the potential need to disclose that it is AI-generated?

24. Are you aware if any of the AI systems you use (or plan to use) could be considered 'high-risk' under the EU AI Act (e.g., systems that could significantly impact safety, fundamental rights, or access to essential services)?

25. If you use or develop AI systems, do you consider the quality, relevance, and potential biases of the data used to train or operate these AI systems?