Identify where critical information is stored. Example: Payroll, ERP, Accounting, Production Management, CRM, etc.
Asset inventory of all network enabled devices. Example: computers, servers, virtual servers, cameras, phones, firewall, switches, etc
Do you have end of life or end of support operating systems or devices?
Require passwords to be at least 8 characters with upper/lower case and numbers?
Do you force password changes for Windows and critical web portals at least every 6 months?
Do you have employees or 3rd party accessing your information remotely?
Do you know who has administrative privileges?
Do you perform a cybersecurity risk assessment at least annually?
Do you have a report of your cybersecurity weaknesses from your risk assessment?