Do you have unsecured wireless?  This would be any wireless network that is open so anyone can join without a key or password.  In Windows, when you view available wireless networks to connect to, it will say "unsecured network" in the list of available options for unencrypted networks.  If this is your network, answer yes.

Do you have a firewall to monitor and control connections to your network from external sources?  This would be an additional piece of hardware in most cases that would reside near the point where your internet is connected to your office.

Do you have a single individual in your office designated as a security officer to review and approve security policies, review security reports, and report breaches?

Do you have an asset management policy stating what data is confidential and who is allowed to access confidential data within a provider?  This policy should also include what 3rd party partners may be able to access the confidential data and how it is accessed.

Is there an IT security practitioner employed either contract, part-time or full-time to monitor and audit security practices within the provider?

Has every employee acknowledged and signed a proper use policy for IT resources within the provider?

Does each employee have their own username and password to login to each IT resource?  This username and password may be the same for all resources, but is required to login each time.

Are vulnerability and security updates/patches applied to software and operating systems regularly?  If so, how often are updates applied?

Where are backups of critical data stored?

When was the last time a security audit was performed on your network?