‘Tis the season to be vigilant! As the holiday season approaches, cyber threats are on the rise. Is your business prepared for the digital challenges that come with the festivities? Take this quiz to find out if your cybersecurity practices are on the “Nice” list or if there’s room for improvement on the “Naughty” list.

Section 1: Password Practices

1.1 How often do employees change their passwords?

  1. Quarterly
  2. Annually
  3. When prompted
  4. Rarely or never

1.2 Are multi-factor authentication (MFA) measures in place for sensitive accounts?

  1. Yes, for all accounts
  2. Yes, for some accounts
  3. No, but we are considering it
  4. No, and we have no plans to implement it

Section 2: Employee Training

2.1 Have employees received cybersecurity training in the past year?

  1. Yes, regularly
  2. Yes, but infrequently
  3. No, but we have a plan in place
  4. No, and we have no plans for training

2.2 Can employees recognise and report phishing attempts?

  1. Yes, always
  2. Yes, sometimes
  3. Rarely
  4. What is phishing?

Section 3: Data Protection

3.1 Is customer data encrypted during transmission and storage?

  1. Always
  2. Sometimes
  3. Rarely
  4. We’re not sure

3.2 How often is data backed up, and is the backup tested regularly?

  1. Daily with regular testing
  2. Weekly with occasional testing
  3. Monthly with infrequent testing
  4. We don’t have a regular backup routine

Section 4: Device Security

4.1 Are all company devices protected by updated antivirus software?

  1. Yes, on all devices
  2. Yes, but not on every device
  3. No, but we’re considering it
  4. No, and we have no plans for antivirus software

4.2 Is remote access to company systems secure and monitored?

  1. Yes, with strong encryption and monitoring
  2. Yes, but without monitoring
  3. No, but we’re working on it
  4. No, and we have no plans for secure remote access

Section 5: Incident Response

5.1 Does your business have a documented incident response plan?

  1. Yes, regularly updated
  2. Yes, but not regularly updated
  3. No, but we’re developing one
  4. No, and we have no plans for an incident response plan

5.2 How quickly can your business recover from a cybersecurity incident?

  1. Within hours
  2. Within days
  3. Within weeks
  4. Recovery is uncertain


Quiz score and results


  • For every “a” answer, give your business 3 points.
  • For every “b” answer, give your business 2 points.
  • For every “c” answer, give your business 1 point.
  • For every “d” answer, give your business 0 points.


  • 15-20 points: Congratulations! Your business is on the “Nice” list for cybersecurity readiness. Keep up the good work and stay vigilant.
  • 10-14 points: Your business is making efforts, but there’s room for improvement. Consider addressing the areas where you scored lower to enhance your cybersecurity posture.
  • 5-9 points: Your business is on the “Naughty” list for cybersecurity readiness. It’s time to take action. Prioritise cybersecurity measures and consider seeking professional guidance to strengthen your defenses.
  • 0-4 points: Your business may be at significant risk of cyber threats. Immediate action is needed to protect your digital assets. Consult with cybersecurity experts to develop and implement a robust security strategy.


Remember, cybersecurity is an ongoing process. Regularly reassess and update your practices to stay ahead of evolving threats. Please contact us if you would like to explore any of the above elements in more detail. We wish you a safe and secure holiday season!


We're your trusted advisors

Connect with us to explore how we can provide a tailored service to support you and your business outcomes.

BYRONS welcomes you to connect with us to discuss your questions, comments and feedback. Please connect online using LinkedIn, by phone or in person by visiting our office.

Contact us to explore how we can help