Ransomware Readiness Assessment: A Self-Scoring Guide for Texas SMBs
Most Texas SMBs assume they are more ransomware-ready than they are. This is the self-scoring assessment we run with clients — 25 questions across prevention, detection, and recovery.
Introduction
When we run a ransomware readiness assessment with a new Texas SMB client, the gap between perceived and actual readiness is almost always wide. Leadership believes "we have backups and antivirus, we're fine." The assessment reveals standing local admin everywhere, backups reachable with a single domain credential, and no tested recovery plan. This guide is the self-scoring version of that assessment.
How to Use This Assessment
Score each item 0 (not in place), 1 (partial), or 2 (fully implemented). Total across all 25 for a score out of 50. Below 30 means you are in the high-risk band that accounts for the majority of successful Texas ransomware events.
Prevention (10 questions)
- Phishing-resistant MFA on all admin accounts and remote access? (see MFA bypass defense)
- Privileged Access Management with application allowlisting deployed? (see PAM)
- No standing local administrator rights for everyday users? (see least privilege)
- Email security gateway with attachment sandboxing and DMARC at reject?
- Protective DNS filtering deployed? (see protective DNS)
- Patch SLAs for critical/KEV vulnerabilities under 14 days? (see patch management)
- Network segmented so one endpoint cannot reach the whole environment? (see microsegmentation)
- Security awareness training with simulated phishing, quarterly minimum?
- RDP never exposed directly to the internet?
- Macro execution restricted and scripting (PowerShell) logged? (see PowerShell logging)
Detection (7 questions)
- EDR/MDR deployed on 100% of endpoints with 24/7 monitoring? (see MDR)
- Identity threat detection on the Microsoft 365 tenant? (see ITDR)
- Centralized logging with 90-day-plus retention? (see log retention)
- Alerts routed to a monitored 24/7 queue, not an unwatched inbox?
- Honeytoken or canary accounts that alert when touched?
- Anomalous-behavior detection (impossible travel, mass file change)?
- Defined escalation path with named on-call responders?
Recovery (8 questions)
- Backups in immutable or air-gapped storage? (see 3-2-1-1-0 rule)
- Backup credentials separate from the production directory?
- Monthly test restores with documented success? (see backup validation)
- Clean-room recovery capability that does not depend on production AD?
- Documented and measured RTO/RPO per critical application?
- Written incident response plan reviewed in the last 12 months?
- IR tabletop exercise conducted in the last 12 months? (see tabletop design)
- Pre-engaged IR retainer and breach counsel on file?
Interpreting Your Score
- 40-50: Strong posture. Focus on testing and continuous improvement.
- 30-39: Moderate. Identifiable gaps an attacker could exploit; prioritize the 0-scored items.
- Below 30: High risk. This is the band where most successful ransomware events occur. Treat remediation as urgent.
Where to Start
If you scored below 30, the three highest-leverage closes are almost always: deploy PAM, move backups to immutable storage with isolated credentials, and run a tabletop exercise. See our cybersecurity services and the 2026 Texas SMB Benchmark Report.
Geographic Coverage
Related Articles
Need Expert IT Support?
Let our team help your Houston business with enterprise-grade IT services and cybersecurity solutions.