Cybersecurity Questionnaire for Employees

A figurine wearing a mask, seated at a desk, embodying the concept of a cybersecurity questionnaire.

Cybersecurity has become a major issue for many companies. Due to this, it is vital that you ensure your employees are practicing the latest cybersecurity protocols and following best practices. One of the ways to do this is by conducting an annual cyber security questionnaire for your employees. This blog will show you some cyber security questionnaire questions that can be included in your questionnaire or interview process.

How do you protect your passwords?

The first step in protecting your accounts is choosing a strong password that is unique for every site and service you use. You are asking for trouble if you are using the same password for multiple sites. This includes things like checking accounts, social media accounts, and online shopping accounts. Use a different password for each one, so if one account gets compromised, other accounts do not. 

The second step is using two-step verification where available. This makes it harder for someone else to access an account by requiring the correct password and an additional code sent over SMS or via an app like Google Authenticator or Authy. 

The third step is using a password manager like LastPass or 1Password to store all your other passwords securely in one place, so you do not have to remember them all yourself (or at least most of them).

What is the best way to protect against viruses and malware?

One of the best ways to protect yourself from viruses and malware is to make sure your computer is kept up to date with the latest security patches and updates. 

What should you do if you suspect a phishing email or text message?

Phishing is a scam that uses fraudulent emails to trick people into revealing sensitive information, such as usernames, passwords, and credit card details. 

If you receive a phishing email or text message, there are some things you can do: 

  • Do not open email or text messages. If you see that the sender is not someone you know, do not open the attachment, or click any links in the email.  
  • Report it to your IT department or security team immediately by forwarding the message to them and alerting them of what happened. 
  • If possible, delete it from your inbox so others will not be tempted to open it. 

What is the best way to protect against ransomware?

Ransomware often gets into systems through phishing emails that contain links or attachments containing malicious code. Users can protect themselves by not clicking on suspicious links or opening attachments in emails unless they are expecting them or know who sent them and why they were sent (such as an invoice). 

How do you protect your devices when they are not in use or if they are left unattended?

You can use a password-protected screensaver. A password-protected screensaver helps protect against unauthorized access by requiring that someone enter a password before using the computer after it has been idle for a certain amount of time. 

If you lose control over your computer because of a lost or stolen password, then whoever has control of your computer will be able to access all the information on your hard drive. In this case, the option is to use a secure disk utility that encrypts all files so that they cannot be read without a key. 

Have you ever witnessed or been involved in a cyber-security incident at work? If yes, how was it handled from your perspective?

When a cyber-security incident occurs, it is important that you follow certain procedures to ensure that it is handled properly so as not to expose your organization to unnecessary risk or damage your reputation within the industry.  

When an incident occurs, it is important that you report it immediately so that appropriate measures can be taken, and potential future damage mitigated as quickly as possible. Reporting an incident immediately allows for a timely response from appropriate resources within your organization who can begin working on containment and eradication measures without delay. 

What can be done to stay safe while using company-provided devices and services regularly?

There are many things you can do to stay safe while using company-provided devices and services regularly. These include: 

  • Avoid logging into sensitive accounts over public Wi-Fi networks 
  • Use a VPN for your internet connection 
  • Use strong passwords, in addition to two-factor authentication if available 
  • Keep your devices up to date 

Where do you download software from?

Only download software from trusted websites and review the program’s readme files before installing. If you do not know what a piece of software does, do not install it. 

These cyber security questionnaire questions can help you as part of an annual cyber security questionnaire for your employees. You can access more questions (ex. how to recognize phishing) and test your employees’ cybersecurity awareness by using Intervy cybersecurity awareness content.