| Section | Score | Status |
|---|---|---|
| Passwords & Access Control | — | — |
| Software & Device Security | — | — |
| Email & Communications Security | — | — |
| Suppliers & Third-Party Access | — | — |
| Backups & Business Continuity | — | — |

| Control | Status |
|---|---|
| Multi-Factor Authentication (MFA) — Q3 | — |
| Email Authentication (SPF/DKIM/DMARC) — Q9 | — |
| Daily Offsite Backups — Q17 | — |
| Offboarding / Access Revocation — Q4 | — |

The TryCSC 5-Minute SMB Cyber Health Check — find out exactly where you stand before attackers find out for you.
Q1 Every system, account, and application used by our business has a unique, strong password — no shared or reused passwords.
Q2 We use a business-grade password manager that all relevant staff have access to and actively use.
Q3 Multi-factor authentication (MFA) is enabled on all critical systems — including email, banking, and cloud platforms. ⚡ Critical Control
Q4 When a staff member leaves, their access to all systems is revoked within 24 hours — and we have a documented process for this. ⚡ Critical Control
Q5 All devices used for business — laptops, phones, tablets — are set to automatically install security updates.
Q6 Active endpoint protection (antivirus/anti-malware) is installed and running on every business device.
Q7 We maintain an up-to-date inventory of every device that connects to our business network or systems.
Q8 Our office Wi-Fi is segmented — staff devices, guest devices, and operational systems are on separate networks.
Q9 Our email domain is configured with SPF, DKIM, and DMARC records to prevent impersonation and email spoofing. ⚡ Critical Control
Q10 All staff have received phishing awareness training in the last 12 months and know how to identify suspicious emails.
Q11 We have a clear, documented process for staff to report suspicious emails — and staff actually use it.
Q12 All payment change requests received by email must be verbally verified before any action is taken — this is a documented rule.
Q13 We maintain a documented list of every supplier and vendor that has access to our systems, data, or network.
Q14 Our suppliers are contractually required to maintain security standards and notify us promptly in the event of a breach.
Q15 Third parties are only given the minimum access they need to do their job — no blanket admin access.
Q16 We regularly review who has third-party access to our systems and revoke it when it is no longer needed.
Q17 We run automated daily backups of all critical business data to an offsite or cloud location. ⚡ Critical Control
Q18 Our backups are isolated from our live systems — a ransomware attack could not reach and encrypt our backup copies.
Q19 We have successfully restored data from our backup in the last 12 months — not just run a backup, but actually tested restoration.
Q20 We have a documented business continuity plan that covers what to do if our systems are unavailable for 24–72 hours.
Introducing the TryCSC Compliance Navigator — your compliance guide, built for US small business.
No consultants charging $5,000–$15,000+. No jargon. No eye-watering fees. Just a clear, step-by-step path through the compliance maze — at a fraction of the cost, on your own schedule, without sending you broke.
The TryCSC Compliance Navigator is a complete, self-managed compliance system built specifically for US small businesses. Five modules cover everything from your NIST CSF assessment and supplier risk register to a 72-hour incident response playbook and an Evidence Pack you can present directly to your insurer or biggest client.
This is the documentation your cyber insurer wants to see. It's what enterprise clients are starting to ask for. And it's what regulators are moving toward requiring.
$127 — One-Time

One-time purchase. Instant access. No subscription. Licensed for single business use.
Your score shows real gaps that leave your business exposed right now. The Compliance Navigator gives you a step-by-step system to close every one of them — at your own pace, no consultant needed.