Evaluate your security posture and identify gaps before attackers do
📍 Buckeye Telecom Inc. — Columbus, OH | 📞 614-224-2003 | ✉️ jeubanks@buckeyetelecom.com
This assessment covers the five most critical security domains for mid-market businesses. For each question, select Yes (fully in place), Partial (partially addressed), or No (not in place). Use your results to prioritize remediation and have an informed conversation with your security advisor.
🛡️ Domain 1: Perimeter & Firewall Security
Your network perimeter is the first line of defense. Gaps here expose everything behind it.
Do you have a next-generation firewall (NGFW) with active threat intelligence?
High Risk
Basic firewalls only filter by port/protocol. NGFWs inspect application traffic, detect anomalies, and block known threats in real time. If your firewall is more than 5 years old or doesn't receive automatic threat intelligence updates, it is likely inadequate.
Has your firewall firmware been updated within the last 90 days?
High Risk
Unpatched firewall firmware is one of the most common attack vectors. Vendors release security patches regularly — running outdated firmware means known vulnerabilities are open on your perimeter.
Are firewall rules reviewed and audited at least annually?
Medium Risk
Firewall rulesets accumulate over time. Outdated, redundant, or overly permissive rules create unnecessary attack surface. An annual review removes stale rules and tightens your posture.
👤 Domain 2: Identity & Access Management
Compromised credentials are the #1 attack vector. How well are you controlling who gets in?
Is Multi-Factor Authentication (MFA) enforced on email, VPN, and cloud applications?
High Risk
Microsoft reports MFA blocks 99.9% of automated account attacks. If MFA is not enforced on Microsoft 365, Google Workspace, VPN access, or other cloud apps, a single phished password can compromise your entire environment.
Do you have a formal process for removing access when employees leave?
High Risk
Former employee accounts left active are a significant risk. An offboarding checklist that includes immediate credential revocation across all systems — email, VPN, cloud apps, and network — is essential.
Is the principle of least privilege applied — users only have access to what they need?
Medium Risk
When users have broader access than their role requires, a compromised account creates a larger breach. Role-based access controls (RBAC) limit the blast radius of any single account compromise.
🌐 Domain 3: Network Architecture & Segmentation
How your network is designed determines how far an attacker can move if they get in.
Is your network segmented — are different device types and departments on separate VLANs?
High Risk
A flat network, where laptops, phones, printers, cameras, and guest devices all share the same segment, means a compromise of one device can spread to everything. Segmentation dramatically limits lateral movement.
Is guest Wi-Fi completely isolated from your internal business network?
Medium Risk
Guest networks that share infrastructure with internal networks create a direct path for attackers. Guest traffic should be completely isolated with no access to internal resources.
For remote access, do you use Zero Trust / ZTNA rather than traditional VPN-only access?
Medium Risk
Traditional VPN grants full network access once connected. Zero Trust Network Access (ZTNA) grants access to specific applications only, continuously verifying identity and device health — dramatically reducing risk from compromised remote sessions.
👁️ Domain 4: Monitoring & Detection
The average breach goes undetected for 197 days. Do you have eyes on your environment?
Do you have 24/7 security monitoring (SOC / MDR) of your network and endpoints?
High Risk
Without continuous monitoring, attacks go undetected for months. A Managed Detection and Response (MDR) or Security Operations Center (SOC) solution provides real-time alerting and response — catching threats before they become catastrophic breaches.
Are security logs retained and regularly reviewed?
Medium Risk
Log retention is required for many compliance frameworks (HIPAA, PCI) and is essential for forensic investigation after an incident. Logs should be centralized, tamper-proof, and retained for a minimum of 90 days (1 year for regulated industries).
🔄 Domain 5: Backup & Business Continuity
When (not if) something goes wrong — how fast can you recover?
Are backups performed daily, stored off-site or in the cloud, and tested regularly?
High Risk
Ransomware attacks specifically target and destroy local backups. A 3-2-1 backup strategy (3 copies, 2 media types, 1 offsite) with regular restore tests is the minimum standard. If you've never tested restoring from backup, you don't know if it works.
Do you have a documented and tested incident response plan?
Medium Risk
When a breach occurs, panic is the enemy. A documented incident response plan with defined roles, communication protocols, and recovery steps dramatically reduces downtime and damage. It should be reviewed and tested at least annually.
Want a professional security assessment?
Buckeye Telecom conducts comprehensive network security assessments for qualifying businesses — identifying your actual gaps and providing a prioritized remediation roadmap.