Suspicious Domain Checker

Check a link

Paste a full URL (https://...). Works on links from email, SMS, WhatsApp, social media — anything you've been asked to click.

URL Reputation Scanner

Check a link

Paste a full URL (https://...). Works on links from email, SMS, WhatsApp, social media — anything you've been asked to click.

Smart Camera Risk Checker

12-question audit for home cameras: cloud storage, default creds, firmware, access.

Privacy: answers stay in your browser. We do not record your responses.

1. Did you change the camera's default password before installing?

Yes No / Not sure

Cameras with default creds are the #1 IoT botnet recruitment target.

2. Is the camera firmware on its latest version?

Yes No / Not sure

Check monthly. Old firmware = public CVEs.

3. Is MFA enabled on the camera's cloud account?

Yes No / Not sure

Ring, Nest, Wyze all support it.

4. Is the camera on a segmented network (guest WiFi / VLAN)?

Yes No / Not sure

Isolate IoT so a compromised camera can't pivot to your laptop.

5. Are the camera's cloud-account passwords unique (not reused)?

Yes No / Not sure

Reused password + breach = someone watching your living room.

6. Have you disabled features you don't use (two-way audio, motion zones)?

Yes No / Not sure

Reduce attack surface to what you actually need.

7. Is the camera's USB or local-access port physically secured?

Yes No / Not sure

Indoor cameras near doors are a physical tamper target.

8. Have you reviewed who has login access to the camera account?

Yes No / Not sure

Ex-partners, old roommates — remove their access.

9. Is the brand actively receiving firmware updates?

Yes No / Not sure

Abandoned no-name cameras from Amazon often never update. Swap them.

10. Is the camera's line-of-sight reviewed (not pointing at sensitive areas)?

Yes No / Not sure

Cameras pointed at keyboards, whiteboards, or locks are a data exposure.

11. Do you know where the cloud footage is stored (US, EU, other)?

Yes No / Not sure

For legal and privacy reasons, know your vendor's data residency.

12. Can you physically disconnect / unplug the camera when needed?

Yes No / Not sure

Smart plugs or accessible outlets give you a physical off-switch.

Score

—

Answer the questions above to see your score.

Password Reuse Checker

Walk through your most-used accounts and check if you're reusing passwords.

Privacy: answers stay in your browser. We do not record your responses.

1. Does your email password differ from your bank password?

Yes No / Not sure

If these match, a single leak is catastrophic. Split them today.

2. Is your password-manager master password unique (not reused anywhere)?

Yes No / Not sure

Reusing the master password for another site is a single point of failure.

3. Is your work account password different from personal email?

Yes No / Not sure

Work breach should not touch your personal life.

4. Does each bank / brokerage / crypto account have its own password?

Yes No / Not sure

Financial institutions compartmentalize for a reason. You should too.

5. Do your social media accounts use unique passwords?

Yes No / Not sure

Social media leaks happen often; don't let them pivot elsewhere.

6. Are shopping-site passwords unique from banking?

Yes No / Not sure

Retail sites are constant breach targets; isolate them.

7. Do you change old passwords that you know were reused?

Yes No / Not sure

If you ever reused a password, go change them now — password manager makes this fast.

8. Do you have a password manager generating unique passwords for new accounts?

Yes No / Not sure

This is the one habit that solves password reuse permanently.

9. Have you checked password-manager reports for duplicates?

Yes No / Not sure

1Password Watchtower, Bitwarden Reports, LastPass Security Challenge — use them.

10. Do you NEVER reuse variations ("password1", "password2")?

Yes No / Not sure

Attackers try trivial variations first. "Password!" = same as "Password1".

Score

—

Answer the questions above to see your score.

Account Takeover Risk Score

12-question risk score across your most important online accounts.

Privacy: answers stay in your browser. We do not record your responses.

1. Is every critical account (email, bank, password manager) on MFA?

Yes No / Not sure

MFA is the highest-impact ATO defence by 10x.

2. Are passwords unique across your top 10 accounts?

Yes No / Not sure

One leak breaks all reused accounts.

3. Have you checked Have I Been Pwned in the last 6 months?

Yes No / Not sure

Or use our Password Leak Checker / Username Leak Checker.

4. Are your passwords managed in a password manager?

Yes No / Not sure

Browser-autofill is not a password manager.

5. Are recovery emails and phone numbers current?

Yes No / Not sure

Old recovery options are a re-compromise path.

6. Do your passwords exceed 14 characters for critical accounts?

Yes No / Not sure

Short passwords are brute-forceable offline. Use our Password Generator.

7. Have you reviewed active login sessions in the last 3 months?

Yes No / Not sure

Google and Microsoft both show where you're logged in. Sign out of stale ones.

8. Are login alerts enabled (email on new device/location)?

Yes No / Not sure

Most platforms support this — turn it on everywhere.

9. Do you avoid using SMS for MFA where possible?

Yes No / Not sure

SIM-swap attacks beat SMS MFA. Use authenticator apps or hardware keys.

10. Have you checked for old / unused accounts and closed them?

Yes No / Not sure

Forgotten accounts with weak passwords = lateral movement paths.

11. Is your email provider's account secure (strong password + MFA)?

Yes No / Not sure

Email controls all password resets. Treat it like your crown jewel.

12. Do you use a hardware key (YubiKey) on at least one critical account?

Yes No / Not sure

$25 hardware key = phish-proof login.

Score

—

Answer the questions above to see your score.

Identity Theft Risk Score

15-question identity-theft posture score.

Privacy: answers stay in your browser. We do not record your responses.

1. Is your credit frozen at all three bureaus?

Yes No / Not sure

Credit freeze is free, takes 10 minutes, and is the single highest-impact ID theft defense.

2. Do you check your credit report from each bureau at least yearly?

Yes No / Not sure

annualcreditreport.com is free and official.

3. Is MFA enabled on your primary email?

Yes No / Not sure

Email is the reset path to almost everything.

4. Is MFA enabled on your bank account?

Yes No / Not sure

Even SMS MFA beats none.

5. Do you shred mail with account numbers or SSN?

Yes No / Not sure

Dumpster-diving still happens for valuable targets.

6. Do you avoid giving your SSN over phone unless YOU initiated the call?

Yes No / Not sure

Inbound callers asking for SSN = assume scam.

7. Have you opted out of prescreened credit offers?

Yes No / Not sure

optoutprescreen.com — stops physical mail offers that can be intercepted.

8. Are IRS and SSA accounts created (so a thief can't create them first)?

Yes No / Not sure

Create accounts at ssa.gov and irs.gov now — blocks thieves from opening them in your name.

9. Do you use different passwords for bank vs email vs everything else?

Yes No / Not sure

One leak shouldn't cascade. Password manager + unique passwords.

10. Is your trash can / mailbox in a secure location?

Yes No / Not sure

If your mailbox is on the street, consider a PO box for sensitive mail.

11. Have you removed your info from data brokers (DeleteMe, manual opt-out)?

Yes No / Not sure

Data brokers aggregate public records, making identity theft easier.

12. Do you review bank + credit-card statements weekly?

Yes No / Not sure

Early detection = easier dispute. Automate alerts for transactions above $1.

13. Is your SSN stored somewhere secure (not in a cloud doc / unencrypted email)?

Yes No / Not sure

Password manager "Secure Note" is the right place.

14. Do you know how to file an identity theft report?

Yes No / Not sure

IdentityTheft.gov walks you through it — bookmark it now.

Score

—

Answer the questions above to see your score.

AI Security Readiness Score

12-question org-level AI security maturity check.

Privacy: answers stay in your browser. We do not record your responses.

1. Do you have a written AI acceptable-use policy?

Yes No / Not sure

One-page doc: what employees can use, what data is off-limits.

2. Are employees trained on what NOT to paste into public LLMs?

Yes No / Not sure

Customer PII, trade secrets, unreleased roadmap — never.

3. Is a list of approved AI vendors maintained?

Yes No / Not sure

Shadow AI (unsanctioned tools) is how data leaks. Name the sanctioned few.

4. Do approved AI vendors contractually disallow training on your data?

Yes No / Not sure

Anthropic, OpenAI enterprise, Azure OpenAI — check the DPA clause.

5. Are AI outputs reviewed by a human before customer-facing use?

Yes No / Not sure

Hallucinations are real; never ship AI-generated text as authoritative without review.

6. Is there logging of AI tool usage at the org level?

Yes No / Not sure

Even just visibility — what AI tools are employees using?

7. Is prompt-injection risk considered for any AI agent you deploy?

Yes No / Not sure

If your agent reads user content, treat that content as untrusted.

8. Is PII masked / redacted before being sent to AI vendors?

Yes No / Not sure

Replace emails, phone numbers, SSNs with placeholders before LLM calls.

9. Do AI integrations use least-privilege credentials?

Yes No / Not sure

An AI agent shouldn't be able to delete your database. Scope keys.

10. Is there a kill-switch / rate limit on AI spending?

Yes No / Not sure

OpenAI budget caps; Anthropic spend alerts. Don't find out at invoice time.

11. Are AI-generated decisions auditable (logged with inputs)?

Yes No / Not sure

Regulators (and your lawyers) want to reconstruct what the AI saw and replied.

12. Have you considered regulatory constraints (EU AI Act, sectoral rules)?

Yes No / Not sure

Healthcare, finance, hiring = high-risk under EU AI Act. Understand your category.

Score

—

Answer the questions above to see your score.

Data Breach Cost Calculator

Estimate your breach cost

Ballpark estimate only. Real cost depends on specifics; use this for planning, not as a forecast.

Number of records exposed

Data type

Jurisdiction

Cyber insurance coverage active Written incident response plan tested within 12 months MFA enforced across all accounts

Estimated total cost

—

Detection & escalation	—
Notification & comms	—
Post-breach response	—
Lost business / churn	—
Regulatory fines (est)	—

Compliance Gap Checker

SOC 2 / ISO27001 / HIPAA / PCI gap snapshot — find what you're missing.

Privacy: answers stay in your browser. We do not record your responses.

1. Written information security policy, reviewed annually?

Yes No / Not sure

Required by every framework. Start with a 5-page doc — refine later.

2. Acceptable use policy all employees sign?

Yes No / Not sure

Covers what's OK / not-OK with company data and devices.

3. Access control review (quarterly)?

Yes No / Not sure

Review who has access to what. Remove stale accounts. SOC 2 mandate.

4. Background checks on employees handling sensitive data?

Yes No / Not sure

Required under SOC 2, HIPAA BAA agreements.

5. Change management process (tracked code deploys)?

Yes No / Not sure

Git history + PR reviews satisfy most auditor requirements.

6. Vendor risk management program?

Yes No / Not sure

SOC 2 questionnaires for all critical vendors.

7. Data classification policy (public, internal, confidential)?

Yes No / Not sure

Even a 1-page classification doc meets the baseline.

8. Encryption standards documented and enforced?

Yes No / Not sure

TLS in transit, AES-256 at rest, key rotation policies.

9. Incident response plan + tabletop exercise yearly?

Yes No / Not sure

Auditors want evidence you've actually walked through a scenario.

10. Business continuity / DR tested annually?

Yes No / Not sure

RTO/RPO documented + a restore you actually did.

11. Audit logging + monitoring for production systems?

Yes No / Not sure

At minimum: auth logs, admin actions, data access.

12. Security awareness training completed by ≥ 95% of staff yearly?

Yes No / Not sure

Required by SOC 2, HIPAA, GDPR. Track completion.

13. Physical security controls documented (if you have an office)?

Yes No / Not sure

Badge access, visitor log, equipment inventory.

Score

—

Answer the questions above to see your score.

Cyber Insurance Readiness Tool

Pre-application self-audit for the controls underwriters ask about.

Privacy: answers stay in your browser. We do not record your responses.

1. MFA on all admin and email accounts?

Yes No / Not sure

Non-negotiable — expect underwriting decline without it.

2. EDR or equivalent on all endpoints?

Yes No / Not sure

Defender for Business, SentinelOne, CrowdStrike, Sophos all qualify.

3. Offsite, tested backups (3-2-1 rule)?

Yes No / Not sure

3 copies, 2 different media, 1 offsite. Test quarterly.

4. Written incident response plan?

Yes No / Not sure

Even one-pager covering detection, containment, comms, recovery.

5. Security-awareness training (annual)?

Yes No / Not sure

KnowBe4, Hoxhunt, even free phishing simulations.

6. Email security gateway (spam/phish filter beyond native)?

Yes No / Not sure

Proofpoint, Mimecast, or even Microsoft Defender for 365.

7. Vulnerability management program (patching cadence)?

Yes No / Not sure

Document "we patch within 30 days of release." Implement it.

8. Privileged access management / separation of duties?

Yes No / Not sure

Admin accounts separate from daily-use accounts.

9. Logging + SIEM or managed detection?

Yes No / Not sure

Even something as simple as centralized syslog counts.

10. Vendor/supply-chain security review process?

Yes No / Not sure

SOC 2 + DPA in hand for critical SaaS vendors.

11. Data classification and access control on sensitive data?

Yes No / Not sure

HR, finance, customer PII — documented access controls.

12. Business continuity / disaster recovery plan?

Yes No / Not sure

RTO/RPO documented. Tested at least yearly.

13. Encryption at rest for sensitive data?

Yes No / Not sure

Most cloud services have this. Document it for your policy.

Score

—

Answer the questions above to see your score.