Ransomware disproportionately affects small and medium businesses, which often lack dedicated security teams yet hold valuable data. The good news is that the controls that stop the vast majority of attacks are well understood and affordable. Here are eight essential steps, in priority order.
1. Keep tested, immutable backups
Your last line of defence is a backup ransomware cannot reach. Follow the 3-2-1 rule, add an immutable or air-gapped copy, and test restores regularly. If you can restore cleanly, ransomware becomes an inconvenience rather than an existential threat.
2. Enable MFA everywhere
Most ransomware begins with a stolen or guessed credential. MFA on email, VPN, remote access, and admin accounts blocks the overwhelming majority of these initial-access attempts.
3. Patch promptly
Attackers exploit known vulnerabilities for which patches already exist. Establish a patching cadence for operating systems, applications, and especially internet-facing devices like firewalls and VPN appliances.
4. Deploy EDR, not just antivirus
Modern endpoint detection and response catches the behaviours of ransomware — mass file encryption, suspicious process chains — that signature-based antivirus misses. Tools like Microsoft Defender for Business bring this within reach of small budgets.
5. Get RDP off the internet
Exposed Remote Desktop is a leading ransomware entry point. Put remote access behind a VPN or Zero Trust proxy with MFA, and never expose port 3389 directly.
6. Train your people
Phishing remains the most common delivery method. Regular, realistic security awareness training measurably reduces click rates and gives staff a clear way to report suspicious messages.
7. Segment your network
Flat networks let ransomware spread to every machine. Segmentation limits the blast radius so an infection on one workstation cannot encrypt your servers and backups.
8. Have an incident response plan
Decide in advance who does what, how you isolate infected systems, and who you call. A rehearsed plan turns a chaotic crisis into a managed recovery.
No single control is a silver bullet, but layered together these eight steps stop most ransomware before it starts and let you recover quickly if it does land.
Korur Security Team
