Person in a plaid jacket arranging papers at a desk with a laptop, tablet, notebook, and pens.

Share this Article

Business IT Self-Assessment Guide

Facebook
Twitter
LinkedIn

A missed patch. A former employee’s login nobody remembered to disable. A backup that won’t actually restore when you need it. None of this shows up on a normal Tuesday. It shows up during an outage, a breach, or a client asking why their data got exposed, and by then, finding out has already cost you.

This self-assessment is meant to catch that before it happens. It covers the weaknesses we see most often in small and midsized businesses, and it boils down to one question: if something went wrong tomorrow, would your business actually be ready, or would you be scrambling to find out?

A perfect score was never the point. Knowing where you actually stand is what keeps a fixable gap from turning into a 2 a.m. Saturday phone call.

How to Use This Assessment

Be honest about what’s actually in place today, not what you asked your IT team to set up last year, and not what you’re assuming is still running in the background. Give yourself a point for every “yes.”

Quick note: this is a self-check, not a formal risk assessment or compliance audit. Think flashlight, not full diagnosis. It’s here to point you toward what’s worth a closer look.

Who Actually Still Has Access?

A logistics company let go of a warehouse manager during a slow quarter. Nobody circled back to shut off the account. Three months later, that login was still active, and nobody noticed until a routine audit caught it. This time, nothing happened. That’s not something you can count on twice.

Ask yourself:

  • Is multi-factor authentication enabled on email, VPN or remote access, and all admin accounts?
  • Is there a documented offboarding process that disables access right away, and have you actually confirmed no accounts got left behind?
  • Are admin privileges limited to the people who genuinely need them, with separate admin accounts where it makes sense?

If any of these made you pause, that’s probably where your risk is sitting.

10-12Lower exposure — fundamentals covered
6-9Moderate exposure — real, fixable gaps
0-5Higher exposure — foundational gaps likely

Would You Catch an Attack, or Just a Known Virus?

Traditional antivirus only catches what it already recognizes. Most attacks today don’t look like a virus at all. They look like a normal login using a stolen password, or an email that looks legitimate enough for someone to click.

  • Is endpoint detection and response (EDR) deployed on every device, not just standard antivirus?
  • Are patches applied on a risk-based schedule, with critical or actively exploited issues handled first?
  • Is your guest Wi-Fi actually separated from your business network, with proper firewall rules in place?

What this looks like in practice

If Ransomware Hit Tonight, Would You Recover?

A backup isn’t protection on its own. A tested backup is. The gap between the two only becomes obvious at the worst possible time, which is exactly why it’s worth confirming now instead of later. Are backups tested for successful recovery at least quarterly, and after any major system changes? Are they protected from accidental deletion, cyberattacks, or ransomware? Have you actually talked with your IT provider about how quickly critical systems would come back online?

Does Your Team Know What to Do in the First Hour?

Most incidents still start with a person, not a piece of software. That means your team is either your biggest risk or your first line of defense, depending on how prepared they are.

  • Have employees gone through phishing awareness training in the last 12 months?
  • Is there a clear process for reporting a suspicious email?
  • Does your team know exactly who to contact and what to do if something looks like a real incident?

What a Solid IT Foundation Actually Looks Like

When the fundamentals are in place, most of this is invisible day to day. Access is limited to the people who need it and closed off the moment they don’t. Devices are monitored, not just scanned. Backups actually restore when tested. And when something does go wrong, there’s a clear next step instead of a scramble.

What Needs to Be in Place
Multi-factor authentication across all business-critical accounts
A documented offboarding process, followed every time
Endpoint detection and response on every device, not just antivirus
Patching on a risk-based schedule, not a flat calendar date
Backups tested for recovery, not just scheduled to run
A clear, known process for what to do in the first hour of an incident

For a lot of businesses across DFW, the gap between where IT is today and where it needs to be is wider than it looks from the inside. LG Networks works with accounting firms, manufacturers, logistics operations, contractors, and trades businesses across Dallas-Fort Worth to close that gap with practical, managed IT and cybersecurity support, not a generic checklist.

See where your business actually stands.

LG Networks provides managed IT and cybersecurity services for businesses across Dallas-Fort Worth. If this assessment turned up something you weren’t expecting, we can walk through it with you.

Talk to LG Networks →

author avatar
Elena Moore