Ransomware Safety Evaluation

Firewall / Network / Remote Access

Please select the options that apply to your firewall (If not sure, select None of the above)

Next-Gen Layer 7 firewall (application firewall)

SSL Decryption

Sandboxing (Sandbox analysis to identify and block unknown threats)

None of the above

Geo-blocking (Blocking inbound and outbound traffic for high-risk countries)

Active URL filtering subscription (block or allow certain categories or sites)

Active Intrusion Prevention System (IPS) subscription

Do you have network segmentation in place to protect critical servers and data to prevent the spread of ransomware? (If not sure, answer No)

Yes No

Do you have Two-Factor Authentication (2FA) for administrative access? (Accessing Servers via the console or RDP, accessing management interface of your firewalls, switches, or any critical applications) (If not sure, answer No)

Yes No

Do you have Remote VPN access protected by Two-Factor Authentication (2FA)? (If not sure, answer No)

Yes No

Do you have a mechanism in place to block Remote VPN from unauthorized devices? (e.g., blocking users from their personal computers or laptops to connect remotely via VPN) (If not sure, answer No)

Yes No

Do remote desktop protocol (RDP) (port 3389/TCP), file sharing protocol (port 22/TCP, 445/TCP), or similar alternatives face externally to the Internet?

Yes No

Internet & Email Protection

Please select your outbound Internet policy approach (If not sure, answer Any)

Application Based (Allowing certain application to access internet, e.g., web-browser, Netflix, YouTube, teams) Port based (Allowing outbound Port 80 and 443) Any (No restriction for outbound Internet)

Please select your outbound content filtering policy approach (If not sure, answer No Content Filtering)

Whitelist (only allowing critical and work-related sites, everything else is blocked) Blocklist (blocking non-work-related bad categories like malware, adult, phishing, p2p etc.) No Content Filtering

Do you have Email security in place to stop spam, phishing emails, and block certain attachments? (If not sure, answer No)

Yes No

Do you have secure Email access with Two-Factor Authentication (2FA)? (If not sure, answer No)

Yes No

Do you have Email Security Awareness Training for end users in place? (If not sure, answer No)

Yes No

Users / Workstations / Servers

Do you have an automatic patch management solution in place for workstations and servers ? (For Windows and 3rd party updates)? (If not sure, answer No)

Yes No

Do you have an Enterprise / paid / subscription version of Endpoint Protection installed on all computers and servers? (Local or Remote Laptops) (If not sure, answer No)

Yes No

Do you have end users with local admin rights on their computers?

Yes No

Do you have policy in place to change passwords every 120 days? (If not sure, answer No)

Yes No

Do you have a minimum password length and complexity policy in place? (If not sure, answer No)

Yes No

Backup Availability Assurance

Do you follow 3-2-1 backup rule? (3 copies of your data on two different media with one copy off-site for disaster recovery)? (If not sure, answer No)

Yes No

Do you have a backup solution that supports immutable backup? (Once the backup data is written, it can’t be altered, modified, or deleted for a selected period) (If not sure, answer No)

Yes No

Do you have a backup server isolated in a separate VLAN and protected with Two-Factor Authentication (2FA)? (e.g., The backup server can’t be accessed from a user’s computer or the VLAN and is only allowed from certain IPs) (If not sure, answer No)

Yes No

Do you test and verify your Backup and DR at least once annually? (If not sure, answer No)

Yes No

Monitoring / Threat Intelligence / Response

Do you have any real time threat intelligence on your most recent ransomware or threat attack? (If not sure, answer No)

Yes No

Do you have SIEM (Security Information and Event Management) solution in place to store, analyze and retain all the critical services logs for at least 90 days? (e.g., Firewall, Domain Controller, VPN, Radius Server, Hypervisor, Cloud applications – Office 365, AWS)(If not sure, answer No)

Yes No

Do you perform security assessments like vulnerability assessments on organizational assets on a regular basis? (If not sure, answer No)

Yes No

Do you have Cyber Incident Response Plan (CIRP) in place? (If not sure, answer No)

Yes No