Ransomware Readiness Assessment: A Self-Scoring Guide for Texas SMBs

Score each item 0 (not in place), 1 (partial), or 2 (fully implemented). Total across all 25 for a score out of 50. Below 30 means you are in the high-risk band that accounts for the majority of successful Texas ransomware events.

• Phishing-resistant MFA on all admin accounts and remote access? (see MFA bypass defense)
• Privileged Access Management with application allowlisting deployed? (see PAM)
• No standing local administrator rights for everyday users? (see least privilege)
• Email security gateway with attachment sandboxing and DMARC at reject?
• Protective DNS filtering deployed? (see protective DNS)
• Patch SLAs for critical/KEV vulnerabilities under 14 days? (see patch management)
• Network segmented so one endpoint cannot reach the whole environment? (see microsegmentation)
• Security awareness training with simulated phishing, quarterly minimum?
• RDP never exposed directly to the internet?
• Macro execution restricted and scripting (PowerShell) logged? (see PowerShell logging)

• EDR/MDR deployed on 100% of endpoints with 24/7 monitoring? (see MDR)
• Identity threat detection on the Microsoft 365 tenant? (see ITDR)
• Centralized logging with 90-day-plus retention? (see log retention)
• Alerts routed to a monitored 24/7 queue, not an unwatched inbox?
• Honeytoken or canary accounts that alert when touched?
• Anomalous-behavior detection (impossible travel, mass file change)?
• Defined escalation path with named on-call responders?

• Backups in immutable or air-gapped storage? (see 3-2-1-1-0 rule)
• Backup credentials separate from the production directory?
• Monthly test restores with documented success? (see backup validation)
• Clean-room recovery capability that does not depend on production AD?
• Documented and measured RTO/RPO per critical application?
• Written incident response plan reviewed in the last 12 months?
• IR tabletop exercise conducted in the last 12 months? (see tabletop design)
• Pre-engaged IR retainer and breach counsel on file?

• 40-50: Strong posture. Focus on testing and continuous improvement.
• 30-39: Moderate. Identifiable gaps an attacker could exploit; prioritize the 0-scored items.
• Below 30: High risk. This is the band where most successful ransomware events occur. Treat remediation as urgent.

If you scored below 30, the three highest-leverage closes are almost always: deploy PAM, move backups to immutable storage with isolated credentials, and run a tabletop exercise. See our cybersecurity services and the 2026 Texas SMB Benchmark Report.

• Houston cybersecurity
• The Woodlands cybersecurity
• Sugar Land cybersecurity