Before we can recommend anything, we need to understand where you are today.

This assessment is designed for business owners — not IT professionals. Every question includes a plain-language explanation. Your answers are confidential and used only by the Degarmo Technologies team. A PDF copy will be downloaded to your device when you submit.

How to Complete This Assessment
  • Don't guess — say "Not sure." Honest responses give us the clearest picture.
  • Read the shaded guidance boxes below each question — they explain what we're asking and why.
  • Involve your team if needed. Some answers may require input from an office manager or whoever handles your computers.
  • Be specific where you can. Brand names, software names, and vendor names all help.
  • There is no selling here. This is strictly for our internal evaluation.
Please complete the required fields (marked *) before submitting.
1. Business & Contact Information
Basic facts about your organization and who we'll be working with.
Business Details
Fill in as much as you can. Industry helps us understand common regulatory requirements your sector may face.
Legal Business Name *
DBA / Trading Name
Industry / Sector
Year Founded
Primary Address
City, State, ZIP
Business Website
Main Business Phone
Your Contact Information *
Who is completing this form? This is who we'll follow up with to clarify any answers.
Full Name *
Title / Role
Email Address *
Direct Phone *
Who makes technology decisions at your organization?
This could be the owner, a manager, or whoever approves technology purchases. Write "Same" if it's you.
Name
Title / Role
Email
Do you have additional office locations or remote sites?
If your business operates from more than one physical location — branch offices, warehouses, clinics, job sites — list them here. Each may need its own network and security setup.
2. Team Structure & Work Model
How your team is organized and where they work shapes almost every IT decision.
How many people work at your business?
Include full-time, part-time, and regular contractors who use your systems.
How does your team primarily work?
Hybrid means some staff are in the office part of the time and remote the rest.
Do employees use company-owned or personal devices?
Using personal devices (BYOD — Bring Your Own Device) for work creates specific security considerations we need to plan for.
Do remote staff connect to office systems from home?
We're asking whether remote employees need to access files or software stored at your office — not just cloud tools like email. This affects remote access and security design.
Do employees travel frequently and need system access while away?
Staff using public Wi-Fi at airports, hotels, or client sites without proper security is a common and serious vulnerability.
3. Computers & Devices
A full inventory of the physical technology your business relies on.
How many of each device does your business actively use?
Count only devices regularly used for work — not spares. Include devices used by remote staff.
Desktop computers
Laptop computers
Tablets (iPad, Surface, etc.)
Company-issued smartphones
Printers / copiers / MFDs
On-site physical servers
NAS / network storage devices
POS terminals or kiosks
Other networked devices
What operating systems do your computers run?
The operating system is the core software that runs your computer. Check your Start menu (Windows) or Apple menu (Mac) if unsure. Check all that apply.
How old are most of your computers?
Older computers may not support current security software or receive updates from Microsoft or Apple. An honest estimate is fine.
Do your computers receive regular software and security updates?
Software updates (patches) fix security holes in your operating system and applications. If computers often show update notifications that get dismissed, that's a gap worth noting.
Do you have physical servers located at your office?
A server is a dedicated computer that stores files, runs applications, or manages user access — often a larger box in a utility closet or rack. Many businesses run entirely on cloud services with no physical server.
4. Network & Internet Infrastructure
How your office connects to the internet and how devices communicate with each other.
Who is your internet provider and what type of connection do you have?
Your ISP is the company you pay for internet — e.g. AT&T, Cox, Comcast, Spectrum. You can usually find this on your bill.
Do you have a backup or secondary internet connection?
Some businesses have a second line or cellular backup so that if primary internet goes down, they keep working. This is called redundancy.
What router or firewall do you use at your office?
A router connects your office to the internet. A firewall filters traffic and blocks threats. If you only have the box from your internet provider, note that. Dedicated brands include Cisco, Palo Alto, Fortinet, SonicWall, and Meraki.
Brand & Model (if known)
Approximate age
Who manages / configured it?
Do you have separate Wi-Fi networks for staff and guests?
A guest Wi-Fi is a separate network for visitors and personal devices. It prevents guests from reaching your business systems. If everyone uses the same Wi-Fi password, that's a gap.
Do you use a VPN for remote access?
A VPN (Virtual Private Network) creates a secure, encrypted connection between a remote employee's device and your office. If remote staff access anything stored in the office, they should be using one.
Are your network devices kept updated with firmware patches?
Like computers, routers and switches run software (firmware) that needs updating to fix security vulnerabilities. Many businesses never update network equipment, which is a very common security gap.
5. Email & Communication Tools
Email is the #1 vector for cyberattacks. We need a complete picture of how your team communicates.
What email platform does your business use?
This is the service powering your business email — not just the app you read it in. Your email may look like name@yourbusiness.com but could be hosted by Microsoft, Google, or your web host. Check your billing statements if unsure.
Do all staff use a business email address (e.g. name@yourcompany.com)?
Using personal Gmail or Yahoo accounts for business is a significant security and legal risk. Business communications sent from personal accounts are outside your control and very difficult to secure.
Do you have spam filtering or email security in place?
Spam filters catch phishing emails before they reach your inbox. Microsoft 365 and Google Workspace include basic filtering, but dedicated solutions like Proofpoint or Microsoft Defender for Office 365 provide much stronger protection.
What tools does your team use for internal communication and collaboration?
Think about how your team communicates day-to-day beyond email. Check all that apply.
Who manages your business email accounts?
When a new employee starts or someone leaves, who sets up or disables their email account? If the answer is "nobody" or "we don't remove old accounts," that's important to know.
6. Website & Online Presence
Your website is a public-facing part of your IT environment and can be a point of vulnerability.
Website Details
Your domain registrar is where you bought your web address (e.g. GoDaddy, Namecheap). Your hosting provider is where the website files actually live. These can be the same company or different ones.
Website URL
Platform / CMS
Hosting Provider
Domain Registrar
Who manages / updates the site?
When was it last updated?
Does your website collect or process any of the following?
If your site collects customer info, processes payments, or allows logins, it becomes a more sensitive security target and may be subject to privacy regulations. Check all that apply.
Does your site have an SSL certificate (the padlock icon in the browser)?
Check by looking at your website's address in the browser: it should start with "https://" and show a padlock. Sites without this show "Not Secure" warnings and can be penalized by search engines.
Are your website platform and plugins kept up to date?
WordPress and similar platforms use plugins that need regular updates. Outdated plugins are one of the most common ways websites get hacked. Many businesses build a site and never update it.
7. Software & Business Applications
The software that runs your business — from productivity tools to industry-specific applications.
What productivity suite does your team use?
This is the software for everyday documents and spreadsheets — Microsoft 365 (Word, Excel, PowerPoint) or Google Workspace (Docs, Sheets, Slides).
What accounting or bookkeeping software does your business use?
Examples: QuickBooks, Xero, Sage, FreshBooks. Note whether it's on a local computer or accessed through a web browser (cloud-based).
Software Name
Cloud-based or locally installed?
Do you use a CRM (Customer Relationship Management) system?
A CRM manages customer relationships, leads, and sales. Examples: Salesforce, HubSpot, Zoho. Even a shared spreadsheet counts.
CRM / Sales tool name
Cloud-based or locally installed?
What other industry-specific or critical software does your team rely on daily?
Specialized tools for your operations — project management, ERP systems, scheduling, estimating, practice management, or anything your business couldn't function without. List as many as apply.
Software / App Name | Purpose | Cloud or Local?

Attach a separate list if you have more than four applications.

Do you use any cloud platforms for hosting applications or storage?
Cloud platforms host applications or databases over the internet rather than on equipment in your office. Many businesses use these without realizing it — if a vendor hosts your software "in the cloud," it's likely on one of these.
8. Data Storage & File Management
Where your business data lives and how it's organized and accessed.
Where does your team primarily store business files and documents?
Think about where documents, spreadsheets, contracts, and work files are saved. Check all that apply — storing files in multiple places is common but can create backup and security gaps.
Is there a structured system for organizing files, or does each employee manage their own storage?
Centralized storage means the business controls where files live. When employees manage their own files independently, the business often loses access to work when someone leaves.
Do you store sensitive customer or employee data in your files?
Sensitive data includes Social Security numbers, financial account details, health information, credit card data, or contracts with personal identifying information. This affects how data must be stored and protected. Check all that apply.
9. Security Practices & Policies
The day-to-day habits and tools that determine how protected your environment actually is.
Do your computers have antivirus or endpoint security software installed?
Antivirus detects and removes malware. Windows Defender (built into Windows 10/11) provides basic protection. Dedicated solutions like CrowdStrike or SentinelOne go much further, monitoring behavior in real time and blocking threats proactively.
Is Multi-Factor Authentication (MFA) required for your business accounts?
MFA (also called 2-Step Verification) requires a second form of verification — like a code sent to your phone — when logging in. This is one of the single most effective ways to prevent unauthorized account access. Passwords alone are not sufficient protection.
How does your organization manage passwords?
Weak, reused, or shared passwords are a leading cause of breaches. A password manager generates and stores unique, strong passwords for every account. If staff reuse passwords or share them in a spreadsheet, that's a critical risk area.
Does your organization have written security policies or an acceptable use policy?
A written security policy defines how staff should use company technology and handle data. An acceptable use policy defines what is and isn't allowed on company systems. Operating without these creates legal and compliance exposure.
Have your employees received cybersecurity awareness training?
Training teaches staff to recognize phishing, avoid scams, handle passwords safely, and respond to suspicious activity. Human error is the leading cause of data breaches. Even annual online modules count.
Is there a process for removing access when an employee leaves?
When someone leaves, their email, file access, and system accounts should be removed immediately. If former employees can still log into your systems after they've left, that's a serious and common risk.
10. User & Account Management
How user accounts and system access are controlled across your organization.
Do employees log in with individual accounts or shared logins?
Individual accounts (each person has their own username and password) are essential for security and accountability. Shared logins make it impossible to track who did what and very difficult to revoke access when someone leaves.
How many people have administrator-level access to computers or systems?
An administrator account can install software, change settings, and access all files. Best practice: limit admin access to as few people as necessary. If most users have admin rights on their own computers, risk is significantly higher.
Do you use Active Directory or a centralized identity system?
Active Directory (or Azure AD / Entra ID) centralizes user accounts — one login controls access to everything. If employees log in the same way to every computer in the office, you likely have this. If each computer has its own accounts, you probably don't.
Are access levels restricted so employees can only see what they need for their role?
This is called "least privilege" — employees should only access files and systems relevant to their role. If everyone has access to everything, sensitive data is much harder to protect.
11. Backup & Disaster Recovery
Your ability to recover when something goes wrong — cyberattack, hardware failure, or human error.
Do you currently back up your business data?
A backup is a separate copy of your important files. If your computers were destroyed or locked by ransomware today, a working backup means you could recover. If critical data only exists on the computers you use daily, a single failure could mean permanent loss.
Where are your backups stored?
A backup stored only on-site can be destroyed in the same fire, flood, or theft event. Best practice is the 3-2-1 rule: 3 copies of data, on 2 different types of storage, with 1 copy off-site or in the cloud.
Have your backups ever been tested to verify they actually work?
Many businesses assume backups work but have never tried to restore from them. An untested backup may be corrupted or incomplete. Testing means actually restoring files from the backup to confirm they're recoverable.
If all systems went down right now, how long before it becomes a critical business emergency?
Think realistically: if every computer and system were offline right now, could you still serve customers? For how long? This helps us understand how quickly systems would need to be restored.
Do you have a written disaster recovery or business continuity plan?
A disaster recovery plan documents how your business responds when technology fails — who does what and in what order. Having neither a DR plan nor a business continuity plan is very common in small businesses, but it's important for us to know.
12. Vendors & Third-Party Access
Who outside your organization has access to your systems, and how that access is managed.
Do you currently have an IT provider, MSP, or IT consultant?
This is anyone currently providing IT support, managing your systems, or who has remote access to your computers or network.
Company / Person Name
How long have they been your provider?
What do they currently manage?
Do they have remote access?
Do any other vendors or contractors have remote access to your systems?
Think about software vendors, bookkeepers, payroll companies, or any service provider who logs into your computers remotely. Third-party access is one of the most common ways attackers gain entry — often through a vendor with weaker security than your own.
13. Sensitive Data & Compliance
Regulatory obligations and how your business handles its most sensitive information.
Does your business operate in a regulated industry or handle regulated data?
Some industries are required by law to meet specific cybersecurity and data protection standards. Check anything that could be relevant — we'll help you determine what applies.
Have you ever had a formal compliance audit or security assessment?
A compliance audit evaluates whether your technology meets a specific regulation. A security assessment evaluates your overall security posture. Knowing when and by whom helps us understand where you are.
Does your business carry cyber liability insurance?
Cyber insurance covers financial losses from breaches, ransomware, and cyber incidents. Insurers increasingly require businesses to demonstrate specific security controls before issuing or renewing policies.
14. Incident History & Current Pain Points
What has happened in the past and what challenges your team deals with today.
Has your business ever experienced a cybersecurity incident?
This includes any event where systems, data, or accounts were compromised or disrupted. Check all that apply. Reporting yes doesn't reflect negatively — it gives us important context.
What recurring technology problems does your team deal with most frequently?
Think about the issues that come up regularly and slow people down — slow computers, connectivity drops, software crashes, difficulty with remote access, printing issues, etc.
On a scale of 1–5, how confident are you in your current IT and security environment?
1 = We have serious gaps and we know it.   5 = We're confident everything is well-managed and secure. Be honest — this helps us focus on what matters most.
Is there anything else about your environment we should know?
Anything that doesn't fit the questions above but is relevant to your technology, security, operations, or challenges. No detail is too small.

By submitting this assessment you confirm the information provided is accurate to the best of your knowledge. Your responses will only be seen by the Degarmo Technologies team. A PDF copy will be downloaded to your device for your records.

Assessment Received

Thank you — your completed assessment has been sent to the Degarmo Technologies team. We'll review your responses and reach out within one business day.

A PDF copy of your assessment has been downloaded to your device for your records.