Should You Be Worried About Ransomware?

Sangfor has prepared a self-assessment ransomware protection questionnaire for end-users to have a brief overview of their readiness and effectiveness of security controls and security best practices to protect their organizations against ransomware attacks. This questionnaire should take no more than 15 minutes. You are encouraged to select the most appropriate answer for each question in order to have an accurate score.

By submitting this survey, you have read and consent to our privacy policy.

Thank you for your support!

Yours Faithfully,

Sangfor Security Team.
Company Details

Question Title

* 1. Your Company Name

Question Title

* 2. Your Name

Question Title

* 3. Your Email Address

Question Title

* 4. Your Phone Number

Question Title

* 5. Organization Size

Question Title

* 6. Nature of Business

Question Title

* 7. Overall IT Spending Power

Basic Defense Protection

Question Title

* 8. Do you have network perimeter defense against ingress or egress traffics, such as a firewall in place?

Question Title

* 9. Do you have an enterprise / paid / subscription version of antivirus installed on every endpoint, including employees' PCs and servers?

Question Title

* 10. Does the antivirus signature database update on a regular basis?

Internet / Email Access Protection

Question Title

* 11. Does the internal network, including both employees' PCs and servers, have direct and free access to the Internet without restriction?

Question Title

* 12. Can the internal network, including both employees' PCs and servers, have access to limitless downloads including executable files, from the Internet?

Question Title

* 13. Do you have a network security protection mechanism designed to protect against spamming and phishing emails?

Question Title

* 14. Do you have restrictions on file downloading, including executable files, from email attachments?

Backup Availability Assurance

Question Title

* 15. Do all servers supporting critical business operation have backup servers?

Question Title

* 16. Do all servers supporting critical business operation have active passive and load balancers to ensure availability?

Question Title

* 17. Are backup servers located in another network segment, protected by network security protection mechanism?

Network Layer Security

Question Title

* 18. Do you have a separate network for DeMilitarised Zone (DMZ), backend and internal?

Question Title

* 19. Do you have network segmentation, including VLAN segregation within your organisational network?

Question Title

* 20. Are you able to monitor possible threats within the internal network?

Question Title

* 21. Are there any inactive / idle hosts facing externally and exposed to the Internet?

Best Practice Security

Question Title

* 22. Do you patch systems and PCs regularly?

Question Title

* 23. Do you update installed software and applications to the latest version and patch on a regular basis?

Question Title

* 24. Are you aware of unauthorized software installed on servers and PCs?

Question Title

* 25. Do unnecessary ports / services face externally or are they exposed to Internet (ex. 1433/TCP, 3306/TCP)?

Question Title

* 26. Do remote desktop protocol (RDP) (port 3389/TCP), file sharing protocol (port 22/TCP, 445/TCP), or similar alternatives face externally or are they exposed to Internet?

Question Title

* 27. Do you perform security assessments like vulnerability assessments on organisational assets on a regular basis?

Question Title

* 28. Do you have a password complexity policy in place?

Monitoring / Threat Intelligence / Response

Question Title

* 29. Do you have real time threat intelligence on most recent ransomware and threats?

Question Title

* 30. Are you aware if a security incident occurs?

Question Title

* 31. Are you aware of internal threats or east-west attacks that occur in the organization?

Question Title

* 32. Can you determine the kill chain, should a security incident occur?

T