Ransomware Risk Preparedness Assessment

1. Do you have an inventory of key applications and systems and the type of data stored on those systems?

2. Do you use Multi-Factor authentication to access your on-prem and cloud systems and services?

3. Do you use e-mail security filtering software for your e-mail system?

4. Do you have an employee security awareness training program such as an automated employee Phishing tool?

5. Do you encrypt all your data at rest?

6. Do you use antivirus software on all of your desktop and server endpoints?

7. Do you use EDR (Endpoint Detection and Response) Software on all of your server and desktop endpoints?

8. Do you have a Security Operation Center (SOC) either in-house our outsourced?

9. Do you back up all of your workstations and server systems both on-prem and in the cloud regularly?

10. Do you periodically test restore your backups to verify functionality and usability of your backups?

11. Is your backup infrastructure protected with Multi-Factor authentication?

12. Do you scan your backups for malware?

13. Do you have defined RTO (Recovery Time Objectives) and RPO (Recovery Point Objectives) for key systems and applications?

14. Do you use Cloud Security Posture Management software for your cloud services (SaaS, PaaS, IaaS)?

15. Do you use a next generation firewall and regularly review the firewall rules for security configurations?