Employees use their personal email addresses to share client documents.

All company laptops are encrypted, and users are required to use strong passwords.

A client database was accidentally exposed online for two hours due to a misconfigured server.

Employees receive annual security awareness training.

A former employee's access to company systems was immediately revoked upon their departure

The company does not conduct regular vulnerability scans of its network.

Sensitive data is stored on easily accessible shared drives without access controls.