Free tools · Free · 2 minutes
Your cyber maturity across 6 axes
Six questions, one per axis, and you get an overall view of your security posture — with the weak axes that deserve your attention first. The score is computed in your browser, nothing is transmitted. Answer honestly: it is the only way to get anything out of it.
How are accesses to your systems protected (MFA, privileged accounts)? Passwords only, accounts sometimes shared MFA on a few services only MFA everywhere, separate administrator accounts MFA everywhere, privileged accounts managed and reviewed regularly Where do your backups stand (3-2-1 rule, immutable copy, tested restore)? Irregular backups, or none at all Regular backups, but a single location 3-2-1 rule in place, with an off-site copy 3-2-1 with an immutable copy and regularly tested restores How are your workstations kept up to date and protected (updates, EDR)? Updates left to each user, no managed protection Automatic updates on most machines Fleet up to date and centrally managed antivirus Fleet up to date and supervised EDR on every machine Is your network segmented (separate zones, distinct guest wifi)? Flat network, one wifi for everyone Separate guest wifi, but everything else on one network Separate guest wifi and servers isolated from workstations Full segmentation with filtering between zones Are your teams regularly made aware of phishing? No awareness effort at all Occasional guidance (email, posters) Formal awareness sessions at least once a year Regular campaigns with simulated phishing tests What happens if an incident hits tonight (written plan, contacts)? Nothing planned, we would improvise The right contacts are known, but nothing is written down A written incident plan exists Written and tested plan, contacts and roles kept up to date
See my result
The companion article: The State Is Scaling Up Its Cyber Defence: a Minimum Viable Plan for Mauritian SMEs