WFH Maturity Quiz

This quiz begins with the IDENTIFY pillar of the NIST 800-171 Cybersecurity Framework. When is the last time an inventory of all WFH devices with access to your network was created/revised?

When is the last time you reviewed this report for accuracy?

When was the last time your team reviewed your organization's cybersecurity roles and responsibilities? How well does it fit your organization's mission and goals?

Since the pandemic began, has your expanded WFH environment been specifically assessed for CyberSecurity risks?

When was your organization's cyber security policies last revised?

Have all employees signed this document?

Does your WFH workforce access any vendor, manufacturer, or partner portals directly from their WFH workstation, without a requirement of MFA?

Now our quiz will move to the PROTECT pillar of the NIST 800-171 Cybersecurity Framework. What type of authentication is required for WFH remote access to your company?

Have you created effective role-based login profiles so that remote users have access to only the tools they need?

What percentage of employees have been trained in cybersecurity focusing on potential threats specific to their WFH environment within the past 6 months?

How often are WFH employees tested for their 'cybersecurity awareness'?

Is a Recovery Point Objective defined for each important application/database in your company?

What checking mechanisms do you have to test the integrity and security of software, firmware, and information to ensure WFH workstations are not compromised?

How would you score your organization's readiness and preparedness for securely supporting your WFH workforce?

Are all devices connecting to corporate resources through a VPN connection corporate-owned?

How often are all such devices checked to ensure anti-virus, anti-malware, DNS protection, and other protective technologies are working properly?

Now our quiz will move to the DETECT pillar of the NIST 800-171 Cybersecurity Framework. What level of WFH threat detection does your organization use to detect potential cybersecurity events?

Are failed or risky remote-access attempts identified and reviewed regularly?

Now our quiz will move to the RESPOND pillar of the NIST 800-171 Cybersecurity Framework. In the event that a security breach or loss of data is identified on a WFH machine, is a written response plan in place to address remediation of the breach?

Now our quiz will move to the RECOVER pillar of the NIST 800-171 Cybersecurity Framework. If WFH users are utilizing Microsoft Office 365 or Microsoft 365, are all user documents and email protected daily using a 3rd party Cloud to Cloud backup and recovery system?

When has recovery of an Office 365 user environment been last tested?