1 – Backup. Schedule a rigorous backup routine and adopt a belt-and-braces approach by keeping backups offline as well as in the cloud.
2 – Patch. A strong, regular, and thorough patching regime provides effective protection against the many threats that exploit known vulnerabilities. WannaCry is a salutary lesson.
3 – Disable. Cut down the available attack surface by disabling Remote Desktop Protocol (RDP) and not giving people system privileges they don’t need. Restrict user profiles to the minimum required to do the job, and with that restrict the ability to launch processes and receive .exe files via email.
4 – Test. Find out how vulnerable you are to a ransomware attack, and whether your incident response plan works. Some organisations now offer ransomware simulations to test reactions.
5 – Train. Give employees proper training in cybersecurity best practice.