Hi,
ACL is not a stateful firewall and it is for blocking or allowing the traffic on a port, source, destination, protocol, etc. I recommended choosing a Zone-based firewall configuration with this router as:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-16-6/sec-data-zbf-xe-16-6-book/sec-zone-pol-fw.html
Again, This is a simple firewall and it will not save you from viruses, malware, ransomware, application, and IPS, etc. If you want to go with the next-generation firewall with full protection then choose the Firepower or any third party NGFW as Sophos, Fortigate, etc.
Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!