Free resource • Checklist

Free Vulnerability Checklist

Find gaps before attackers or auditors do — a plain-English checklist across people, process, and technology. Takes about 10 minutes and helps you prioritise quick wins.

UK-based team Helpful for Cyber Essentials
Non-technical • Based on real assessments • Useful for Cyber Essentials prep
Preview

What’s inside

A quick self-check across the areas that most often cause incidents and audit pain.

Passwords & access

  • MFA enabled for email and admin accounts.
  • Leaver access removed within 24 hours; reviewed monthly.
  • Default passwords disabled on all devices and apps.

Updates & patching

  • Critical updates applied within 14 days (or vendor SLA).
  • Unsupported software removed or isolated.
  • Automatic updates enabled where practical.

Devices & networks

  • Firewalls enabled and reviewed (incl. cloud security groups).
  • Remote access secured (VPN/MFA) and restricted by need.
  • Admin interfaces not exposed to the public internet.

Backups & recovery

  • Backups run automatically and are monitored for failures.
  • A recent restore test confirms backups actually work.
  • Backups are protected from ransomware (separation/immutable storage).
Get the full checklist (PDF)
How to use it

Run the check in 10 minutes

Answer yes/no, circle gaps, then tackle the high-impact fixes first.

  1. 1
    Download and scan for quick wins

    Start with MFA, patching cadence, and admin access — these deliver fast risk reduction.

  2. 2
    Prioritise by impact

    Fix items that reduce broad attack paths (identity, patching, backups, exposure).

  3. 3
    Book a review if you want a plan

    We’ll help validate priorities and turn gaps into a simple remediation checklist.

Complimentary consultation

Want help reviewing your results?

Book a free 20-minute call and we’ll talk through quick wins, priorities, and next steps.

Book a free call See security services