Cyber threats are constant—our protection is too.

Get peace of mind with full-service security, monitoring, and recovery.

Risk Assessment Questionnaire

How your FREE Risk Assessment works

We’ve kept the process simple so you can get value quickly – with no disruption to your team.

Step 1

Fill out your Intake form

Fill out our short 10-15 minute intake form so we can prepare in advance.

Step 2

Meet with our consultant

Join a 20–30 minute call to walk through how you operate and how you’re currently protecting your organization.

Step 3

Review your risk snapshot

Receive your summarized findings, top risks, and recommended next steps, including options for a full Cyber Security Audit if it makes sense.

Cyber Risk Assessment Intake Questionnaire

Section 1

SECTION 1 – ORGANIZATION PROFILE

Organization Name:

Primary Contact Name

Role / Title:

Email:

Phone:

Industry / Sector

Approximate number of staff (including contractors)

Approximate number of Microsoft 365 / email users

Section 2

SECTION 2 - IT OWNERSHIP & SUPPORT

How is your IT currently supported?

If you work with an external IT provider, what is their company name?

Do you currently have any dedicated cybersecurity services (separate from general IT)?

Section 3 – Critical Systems & Data

SECTION 3 – CRITICAL SYSTEMS AND DATA

Which systems are most critical for your day-to-day operations?

Email & calendar

File shares (on-premise file server)

Microsoft 365 / SharePoint / OneDrive

Line-of-business application (ERP, practice management, etc.)

Cloud apps (e.g., Xero, QuickBooks Online, Salesforce)

On-premise servers (application / database)

Other

If other in previous question, please elaborate

Where is the majority of your data stored today?

Mostly in Microsoft 365 / cloud services

Mostly on servers in our office

Mix of cloud and on-premise

Not sure

Do you handle any of the following types of sensitive data?

Client personal information (names, addresses, IDs)

Financial information (banking details, credit cards, payroll)

Health or medical information

Intellectual property / trade secrets

Regulated data (e.g., PCI, privacy legislation, industry-specific regs)

None of the above

Not sure

Section 4

SECTION 4 – CURRENT SECURITY PRACTICES (High Level)

Identity & Access

Identity & Access

Do you use Multi-Factor Authentication (MFA) for any of the following?

Email / Microsoft 365

Remote access (VPN, remote desktop, etc.)

Critical business applications

Admin / IT accounts

We do not use MFA

Not sure

How are user accounts typically managed when staff join or leave?

Option 1 We have a standard, documented process

Option 2 There is a process, but it’s informal / not documented

Option 3 Depends on the situation / ad hoc

Not sure

Email & Endpoints

Email & Endpoints

Do you have protections in place against phishing and malicious email links/attachments?

Yes – advanced email security (e.g., ATP, dedicated security product)

Yes – basic filtering from our email provider

No / not that we are aware of

Not sure

What best describes your device environment (laptops/desktops)?

Company-owned devices only

Mix of company-owned and personal devices (BYOD)

Mostly personal devices (BYOD)

Not sure

Do your computers and laptops receive regular security updates and patches?

Yes – centrally managed

Yes – generally kept up-to-date by users

Not consistently

Not sure

Backups & Recovery

Backups & Recovery

Are your critical systems and data backed up regularly?

Yes – all critical systems and data are backed up

Partial – some systems/data are backed up

No / not that we are aware of

Not sure

Where are your backups stored?

In the same environment as production (same server/site)

Offsite / in a separate cloud service

Both onsite and offsite

Not sure

Have you tested restoring from backup in the last 12 months?

Yes – we test restores regularly

Yes – we’ve tested at least once in the last year

No, we haven’t tested restores

Not sure

Network & Remote Access

Network & Remote Access

How do staff typically access systems remotely (from home, client sites, etc.)?

VPN

Remote Desktop / Remote apps

Other remote access method

We do not allow remote access

Not sure

Do you have separate Wi-Fi networks for staff and guests/visitors?

Governance, Policies & Training

Governance, Policies & Training

Do you have any written IT or security policies (e.g., acceptable use, passwords, remote work)?

Do your staff receive any cybersecurity awareness training (e.g., phishing, safe email use)?

SPACE

Section 5 – Incidents, Insurance & Priorities

SECTION 5 – INCIDENTS, INSURANCE & PRIORITIES

Have you experienced any cybersecurity incidents in the last 2 years?

IF YES to previous question

Briefly describe what happened and the impact (optional).

Do you currently carry cyber insurance?

Have insurers or clients recently asked you to complete any security questionnaires or attestations?

Yes – insurance questionnaire(s)

Yes – client/vendor security questionnaire(s)

Both

Not sure

SPACE

Section 6 – What Matters Most Right Now

SECTION 6 – WHAT MATTERS MOST RIGHT NOW

Which of the following best matches your current priority?

Reduce the risk of ransomware and downtime

Protect client data and reputation

Meet compliance / regulatory / insurance requirements

Validate that our current IT/security setup is sufficient

Prepare for growth (more locations, more staff, more data)

Other

If "other in previous question, please elaborate

How would you describe your organization’s current approach to cyber risk?

On a scale of 1–5, how concerned are you about cyber risk for your organization?

1 – Not concerned

2 – Slightly concerned

3 – Moderately concerned

4 – Very concerned

5 – Extremely concerned

Is there anything specific you want to make sure we address during your Free Cyber Risk Assessment?

SPACE

Section 7 – Scheduling & Consent

SECTION 7 – SCHEDULING & CONSENT

Preferred time for the assessment session

Weekday mornings

Weekday afternoons

Flexible / no strong preference

Preferred format for the session

In person (Winnipeg/nearby, where feasible)

Zoom/Teams/Google Meet

Phone Call

How did you hear about Prairie Cyber Security?

Opt-In

I consent to Prairie Cyber Security contacting me regarding this assessment and to receive my Cyber Risk Assessment summary and recommendations.

Contact us

info@prairiecybersecurity.com

204-294-9974

How your FREE Risk Assessment works

Cyber Risk Assessment Intake Questionnaire

Contact us

Want more info?

Contact Us