Personal Cyber Assessment

I. Financial & Credit Exposure

Q1: Do you have online access to your financial accounts (e.g., bank accounts, investment accounts)?

Definition: "Online access" means you can log in to your financial institution’s website or app to view and manage your accounts.

Risk Understood: Having online access increases your exposure if security isn’t robust.

Guiding Questions: Do you use secure networks? Have you noticed any unauthorized transactions?

A. Yes, I have online access to all my financial accounts.
B. I have online access to some of my financial accounts.
C. No, I do not have online access.

Q2: How often do you review your financial accounts for unauthorized activity?

Definition: "Review" means checking your transaction history or statements for unusual activity.

Risk Understood: Infrequent reviews can delay detection of fraudulent activity.

Guiding Questions: How regularly do you check your accounts? Do you set up alerts?

A. Regularly (e.g., weekly or monthly).
B. Occasionally.
C. Rarely.
D. Never.

Q3: Do you have ongoing access to your credit reports?

Definition: A credit report is a summary of your credit history.

Risk Understood: Not monitoring your credit report can cause you to miss signs of identity theft.

Guiding Questions: Do you know how to access your report? How often do you check it?

A. Yes, I regularly check my credit reports.
B. I have access, but I check them infrequently.
C. No, I do not check my credit reports.

Q4: How frequently do you check your credit report for anomalies?

Definition: "Anomalies" are unusual entries that may indicate errors or fraud.

Risk Understood: More frequent checks help catch unauthorized changes early.

Guiding Questions: Do you check your report more than once a month?

A. More often than monthly (weekly or daily).
B. Monthly.
C. Quarterly.
D. Annually.
E. Never.

II. Online Accounts & Sensitive Data Exposure

Q5: Approximately how many online accounts do you actively use?

Definition: "Online accounts" include email, social media, shopping, banking, etc.

Risk Understood: The more accounts you have, the greater your exposure if one is compromised.

Guiding Questions: Count the accounts you use regularly.

A. Fewer than 10.
B. 10–50.
C. 51–100.
D. Over 100.

Q6: Which categories of online accounts do you hold? (Select all that apply.)

Definition: Categories may include financial, email, social media, health, government, etc.

Risk Understood: Some account types (e.g., financial) require stronger security.

Guiding Questions: List the types of accounts you maintain and consider the sensitivity of their data.

A. Financial
B. Email
C. Social Media
D. Health
E. Government
F. E-commerce/Shopping
G. Entertainment
H. Other

Q7: What types of sensitive personal data do you store online?

Definition: Sensitive data can include financial details, personal IDs, health records, private documents, etc.

Risk Understood: Storing such data increases potential damage if breached.

Guiding Questions: What types of data do you store online? Is it protected (e.g., encrypted)?

A. Financial information
B. Personal identification details
C. Health records
D. Personal photos and documents
E. None

Q8: Where do you primarily store your sensitive data?

Definition: Options include cloud services and local devices.

Risk Understood: Each storage method has its own vulnerabilities.

Guiding Questions: Do you use cloud storage, local storage, or both?

A. Exclusively on cloud services.
B. Both on cloud and local devices.
C. Only on local devices.
D. I do not store sensitive data online.

III. System & Device Usage

Q9: What devices do you use to access your online accounts? (Select all that apply.)

Definition: Devices include desktops, laptops, smartphones, tablets, and IoT devices.

Risk Understood: Each device type has unique vulnerabilities if not properly secured.

Guiding Questions: Which devices do you use most often? Are they kept up-to-date?

A. Desktop/Laptop
B. Mobile Phone
C. Tablet
D. IoT devices (e.g., smart home devices)
E. Other

Q10: How often do you update the software on your devices?

Definition: Software updates include patches that fix security vulnerabilities.

Risk Understood: Not updating leaves devices exposed to exploits.

Guiding Questions: Do you enable auto-updates?

A. Always – I update immediately.
B. Often – within a few weeks.
C. Sometimes – sporadically.
D. Rarely or never.

Q11: When accessing your online accounts, do you use secure connections (e.g., VPNs, trusted networks)?

Definition: Secure connections encrypt your data to protect it from interception.

Risk Understood: Insecure connections may expose your login credentials.

Guiding Questions: Do you use a VPN on public Wi-Fi?

A. Always.
B. Sometimes.
C. Rarely.
D. Never.

Q12: Do you frequently access your accounts on public or shared networks?

Definition: Public/shared networks are commonly available in cafés, airports, etc.

Risk Understood: These networks are less secure, increasing the risk of interception.

Guiding Questions: Do you use public Wi-Fi often? Do you take precautions?

A. Never.
B. Occasionally (with precautions).
C. Frequently.

IV. Cyber Risk Perception & Monitoring

Q13: Do you believe you might be a target of cybercrime?

Definition: Cybercrime includes fraud, identity theft, phishing, and hacking.

Risk Understood: Your personal perception of risk influences your security practices.

Guiding Questions: Do you feel at risk because of your online activities?

A. Yes.
B. No.
C. Unsure.

Q14: Do you regularly monitor your online accounts for unusual activity or breaches?

Definition: Monitoring means checking your accounts for unauthorized access or unusual transactions.

Risk Understood: Regular monitoring helps detect breaches early.

Guiding Questions: Do you use alerts or third-party tools?

A. Yes, frequently.
B. Occasionally.
C. Rarely.
D. Never.

Q15: Do you use additional security measures (e.g., MFA, password manager) for sensitive accounts?

Definition: Additional measures like MFA and password managers add extra layers of security.

Risk Understood: Without these, compromised passwords can lead to full account access.

Guiding Questions: Have you enabled MFA and/or use a password manager?

A. Yes, for all accounts.
B. Yes, for critical accounts only.
C. No.

V. Business & Work-Related Account Access

Q16: Do you access any business or work-related accounts from your personal devices?

Definition: This means using your personal smartphone, laptop, or tablet for work-related activities.

Risk Understood: Mixing personal and work data can create security challenges.

Guiding Questions: Do you use personal devices for work? Have you reviewed your employer’s policies?

A. Yes, exclusively on personal devices.
B. Yes, but I also use dedicated work devices.
C. No, only from company-provided devices.

VI. Personal Exposure & Digital Footprint

Q23: How extensive is your personal online presence?

Definition: Your online presence includes social media profiles, blogs, forums, and other public footprints.

Risk Understood: More public profiles mean greater exposure.

Guiding Questions: How many public profiles do you maintain?

A. Minimal – only essential profiles.
B. Moderate – a few communities.
C. Extensive – multiple accounts.

Q24: Do you share your personal devices or credentials with others?

Definition: "Sharing credentials" means giving someone else access to your login details or devices.

Risk Understood: Sharing increases the risk of unauthorized access.

Guiding Questions: Do you lend your devices or share passwords?

A. No.
B. Yes, but only with trusted individuals.
C. Yes, regularly.

Q25: Have you experienced any incidents of personal data breaches?

Definition: A data breach is when sensitive, protected, or confidential data is exposed or stolen.

Risk Understood: Past breaches may reveal vulnerabilities in your security practices.

Guiding Questions: Have you been notified of a breach? What actions did you take?

A. Yes, multiple incidents.
B. Yes, once or twice.
C. No.

Q26: Do you use third-party applications that access your personal data?

Definition: Third-party applications are those not developed by your primary service provider (e.g., fitness apps).

Risk Understood: They may request excessive permissions and introduce vulnerabilities.

Guiding Questions: Do you review the permissions these apps request?

A. Yes, and I review permissions regularly.
B. Yes, but I rarely review them.
C. No.

Q27: What is your approach to privacy on social media?

Definition: Your approach can range from strict (limiting visibility) to open (public profiles).

Risk Understood: Open profiles may expose too much personal information.

Guiding Questions: How do you configure your privacy settings?

A. Strict privacy settings.
B. Default settings, occasionally reviewed.
C. Open profiles with minimal restrictions.

Q28: How often do you engage in online activities involving personal or payment information?

Definition: This includes transactions like online banking, shopping, or subscriptions.

Risk Understood: Frequent transactions increase exposure if security is lacking.

Guiding Questions: How regularly do you perform such activities?

A. Frequently.
B. Occasionally.
C. Rarely or never.

VII. Security Controls & Practices

C1: Do you use multi-factor authentication (MFA) on sensitive accounts?

Definition: MFA adds a second verification step beyond your password.

Risk Understood: Without MFA, compromised passwords can lead to full account access.

Guiding Questions: Have you enabled MFA on all your sensitive accounts?

A. Yes, on all accounts.
B. Yes, on critical accounts only.
C. No.

C2: Do you use a password manager to generate and store complex passwords?

Definition: A password manager creates and securely stores unique passwords for each account.

Risk Understood: Reusing weak passwords increases your risk.

Guiding Questions: Would a password manager help you manage your passwords better?

A. Yes, for all accounts.
B. Yes, for some accounts.
C. No.

C3: Are your devices encrypted (e.g., full-disk encryption)?

Definition: Encryption converts your data into unreadable code without the correct key.

Risk Understood: Unencrypted devices can expose your data if lost or stolen.

Guiding Questions: Have you enabled full-disk encryption on your devices?

A. Yes, all devices.
B. Some devices.
C. No.

C4: Do you have an up-to-date antivirus or endpoint protection solution?

Definition: Antivirus software detects and removes malware and other threats.

Risk Understood: Outdated antivirus leaves your device vulnerable.

Guiding Questions: Is your antivirus set to update automatically?

A. Yes, up-to-date.
B. Yes, but rarely updated.
C. No.

C5: Have you implemented additional security controls (firewalls, IDS) on your home network?

Definition: Firewalls and IDS help prevent and detect unauthorized network access.

Risk Understood: Without them, your network may be more vulnerable.

Guiding Questions: Does your router have a built-in firewall?

A. Yes, both hardware and software.
B. One type only.
C. No.

C6: Do you regularly review and update the security settings for your accounts and devices?

Definition: This includes updating privacy settings, app permissions, etc.

Risk Understood: Neglecting updates can leave you exposed to emerging threats.

Guiding Questions: How often do you review your settings?

A. Yes, regularly.
B. Occasionally.
C. No.

C7: Do you use breach monitoring services (e.g., haveibeenpwned)?

Definition: These services alert you if your data appears in known breaches.

Risk Understood: Early alerts allow prompt corrective action.

Guiding Questions: Do you monitor your email or other credentials using these services?

A. Yes, regularly.
B. Occasionally.
C. No.

C8: Have you received formal training on phishing and social engineering attacks?

Definition: Training helps you recognize and avoid phishing and social engineering scams.

Risk Understood: Without training, you are more vulnerable to such attacks.

Guiding Questions: Have you attended cybersecurity workshops?

A. Yes, comprehensive training.
B. Some training or webinars.
C. No.

C9: Do you use licensed and legally obtained software on your devices?

Definition: Licensed software is legally purchased and receives regular updates.

Risk Understood: Unlicensed software may lack crucial security patches.

Guiding Questions: Are your applications obtained from reputable sources?

A. Yes, all licensed and up-to-date.
B. Most are licensed.
C. Some unlicensed or pirated.

C10: Do you regularly back up your data to secure locations?

Definition: Backups are copies of your important files stored externally (e.g., cloud or external drives).

Risk Understood: Without backups, you risk losing data permanently.

Guiding Questions: Do you schedule automated backups?

A. Yes, automated backups.
B. Occasionally.
C. No.

C11: Do you use device-level security measures (screen locks, biometrics, remote wipe)?

Definition: These measures protect your device if it’s lost or stolen.

Risk Understood: Without them, your sensitive data is at higher risk.

Guiding Questions: Do you set strong passcodes or use biometric authentication?

A. Yes, on all devices.
B. Yes, on some devices.
C. No.

C12: Is your home Wi-Fi secured with up-to-date encryption (WPA2/WPA3) and a strong password?

Definition: WPA2/WPA3 are modern Wi-Fi encryption standards that protect your wireless network.

Risk Understood: Insecure Wi-Fi can allow attackers to access your network.

Guiding Questions: Have you changed your router's default settings? Is your Wi-Fi password strong?

A. Yes, fully secured.
B. Partially secured.
C. Not adequately secured.

VIII. Digital Inheritance & Next-of-Kin Access

N1: Have you arranged a plan for granting access to your digital accounts to a trusted next-of-kin?

Definition: A digital inheritance plan outlines how your digital assets will be managed if you cannot do so.

Risk Understood: Without a plan, your digital legacy may be inaccessible or mismanaged.

Guiding Questions: Have you designated someone to manage your digital assets?

A. Yes, formal digital inheritance plan.
B. Yes, informally shared.
C. No.

N2: Do you store or share any of your account credentials in a manner accessible to your next-of-kin?

Definition: This checks if your login credentials are stored securely so that a trusted person can access them if needed.

Risk Understood: Proper management ensures your digital legacy is accessible in an emergency.

Guiding Questions: Do you use a secure password manager with shared access?

A. Yes, stored securely.
B. Yes, but informally.
C. No.