How Secure is Your Online World? – A Quick Self-Check for Online Providers

With this compact self-check, you can assess in just a few minutes how well your online services are positioned regarding cybersecurity and data protection. The questions are designed for providers of online courses, coaching, and digital services without their own IT team, helping you identify common vulnerabilities before they become a problem.

Dr. Mariia Bohach

12/28/2025, 2 min read

This self-check does not replace a professional audit, but it provides a simple initial orientation. Answer the questions as honestly as possible with "Yes," "Partially," or "No." If you select "Partially" or "No" for several points, it is worth making targeted improvements—especially if you are considering an independent EAS™ certification.

1. Access & Passwords

  1. Do you use different passwords for important accounts (e-mail, course or coaching platform, cloud storage, payment provider)?

  2. Are your passwords long and complex (e.g., more than 12 characters, a combination of letters, numbers, and special characters)?

  3. Do you use a password manager to store access data securely instead of keeping it in the browser or in notes?

  4. Is Two-Factor Authentication (2FA) activated for central accounts (e.g., e-mail, platform, payment provider)?

2. Devices & Updates

  1. Are all devices you use to access your online services (laptop, PC, tablet, smartphone) regularly updated (operating system, browser, apps)?

  2. Do your devices have up-to-date virus or malware protection or an activated integrated security solution?

  3. Do you avoid using open public Wi-Fi for working with sensitive data, or do you use a secure VPN in such cases?

3. Data Storage & Backups

  1. Do you know exactly where your documents and client data are stored (e.g., specific cloud services, local folders)?

  2. Do you create regular backups of important data (materials, client and participant data, contracts) and store them separately from your work device?

  3. Are your backups organized so that you could resume work within a short time in an emergency (e.g., if a device fails)?

4. Roles, Rights & Collaboration

  1. Have you documented who in your team has access to which accounts and data (e.g., virtual assistant, co-trainer, accounting)?

  2. Are the access rights of former employees or service providers promptly deactivated or changed when the collaboration ends?

  3. Do you avoid shared logins where multiple people use the same password for an important account?

5. Communication & Platforms

  1. Do you use clear professional channels (e.g., business e-mail, professional platform) for communicating with clients and participants, rather than predominantly private messengers or social media accounts?

  2. Have you consciously chosen secure platforms (e.g., video conferencing, course or community platform, payment service) and reviewed their privacy policies at least for basic points?

  3. Have you established internal rules regarding what information may be shared via which channels (e.g., no sensitive data via unencrypted messengers)?

6. Recordings & Files

  1. Do you only make audio or video recordings of online sessions with the explicit consent of your clients or participants?

  2. Do you save recordings and downloadable materials in clearly defined locations rather than scattered across various devices or private folders?

  3. Have you regulated how long such files should be kept and when they should be deleted?

7. Data Protection & Transparency

  1. Do you refer your clients and participants to an up-to-date Privacy Policy that explains at least the most important points (type of data, purpose, storage duration, data subjects' rights) in an understandable way?

  2. Can interested parties contact you regarding data protection and security questions via an official contact address (e.g., a dedicated data protection e-mail)?

  3. Do you indicate in your Terms and Conditions (T&C) or information materials how you handle personal data and where the limits of your responsibility lie?

8. Evaluating the Self-Check

  • If you could answer "Yes" to most questions, your online world is already on the right track.

  • Several "Partially" answers highlight areas where you can implement improvements with manageable effort.

  • Frequent "No" answers indicate a lack of important fundamentals in information security and data protection—here, an in-depth review or external support is highly recommended.

This self-check is not an official audit and does not replace legal advice. It is intended to help you identify typical risks early on and bring more security and clarity to your online services step by step, especially if you are considering an independent EAS™ certification in the future.

© 2026 European Attestation Standard (EAS). All rights reserved.
