Do you have a cyber security policy for your pharmacy?
Do you have any cyber security awareness posters around the pharmacy?
Do you have an internal person or external company who is responsible for your pharmacy's cyber security?
How often is cyber security discussed with key personnel?
Do you currently have cyber insurance?
Has your pharmacy ever experienced a cyber security incident?
Do you have a formal Information Security (IS) document which lists information confidential to your pharmacy and how this information should be handled by staff?
Do you have a simple process to audit 3rd parties for their cyber security resilience before sharing confidential information?
Have you identified mission critical information and services that would cause significant disruption to your pharmacy, if interrupted or lost?
Do you have an inventory of all devices / phones / computers and details of what confidential information each holds?
Do you have encryption enabled on all devices, and a policy to ensure that all new devices have encryption enabled by default?
Do you have a formal process when disposing of old computers or mobile phones?
Do you centralise management and configuration of all computers?
Do you have network segmentation implemented to separate critical areas from non-critical areas (such as guest networks)?
Do you regularly change access details for all networking devices?
Do you monitor network traffic for abnormal activity?
Do you store access and activity logs for network devices?
Have you performed a penetration test in the past 18 months?
Do you have any intrusion detection / prevention systems in place?
Do you have restrictions to limit what type of applications an employee can run on their company computers?
Do you have an internal or external provider regularly applying software patches / system updates?
Have you disabled default macro functions in Microsoft Office applications? (eg: Excel / Word / PowerPoint)
Have you investigated application specific settings to harden default security settings? (eg. web browsers and operating systems)
If you use cloud storage for any documents (eg: Dropbox, Google Drive), do you have two-factor authentication enabled?
If you use a cloud-based CRM, do you have two-factor authentication enabled?
Do you use a password manager?
Do you enforce the use of strong and unique passwords?
Do you have a policy or process around how removable media (eg: USB drives) should be used and what information can be copied onto these drives?
Do you use removable media regularly?
Do you enforce two-factor authentication for webmail access?
Do you have spam and anti-virus filtering enabled for inbound email?
Do you have an acceptable email use policy?
Do you have outgoing policies in place to ensure large volumes of data (eg. Excel, zip files) cannot be sent?
Do you have website filters in place to restrict access to websites that may be harmful to your organisation? (eg: torrents / gambling)
Do you have an acceptable internet use policy?
Do you have an active anti-virus service?
Is the anti-virus centrally managed and are updates applied regularly?
Do you have an offline copy of critical domain name details? (eg: renewal dates / domain keys)
Do you have an offline copy of critical website hosting details? (eg: server location / FTP access details)
Do you complete regular malware scans of your website?
Does your website collect payment information?
Are you confident that staff are cyber aware and understand cyber risks to the organisation?
Would staff know how to identify a spear phishing email?
Have staff ever completed cyber security training?
Do you have a VPN set up for staff to connect to the office remotely?
Do you have guidelines for staff to use their personal computers to access your pharmacy's systems and data?
Do you have a recovery plan of who is responsible for what and who has access to recovery data?
Do you perform regular backups of computers and servers?
Do you test the integrity of backups on a regular basis?
Are you aware of what notification you are required to send to customers should you experience a breach?
Do you maintain computer / server logs to investigate a breach should one occur?
Do you have a basic plan of action (incident response plan) which outlines roles and responsibilities should you experience a cyber incident?
Have you specifically investigated your legal risk relating to cyber security?
Have you specifically investigated your regulatory obligations with relation to cyber security?
Do you have a physical firewall in the pharmacy?