Enter your keyword

5 Steps to Improve Your Ransomware Resilience

5 Steps to Improve Your Ransomware Resilience

5 Steps to Improve Your Ransomware Resilience

Be prepared: Sooner or later your business WILL be attacked.

This is a cold hard fact: Ransomware is on the rise.


Here’s a quick Q&A answering the most common questions about it.

Q.) What is it?

A.) It’s where hackers break into your network, encrypt your data so you can’t access it, and then charge you a large ransom fee to unlock it. It’s the most disruptive and costly kind of attack you can imagine. And very hard to undo.


Q.) Why is it a big deal?

A.) Ransomware attacks are dramatically up thanks to the pandemic. All the urgent changes that businesses went through last year created a perfect storm, with plenty of new opportunities for cyber criminals.


Q.) Is my business really at risk?

A.) Thanks to automated tools used by hackers, all businesses are being targeted all the time. In fact, hackers prefer to target small businesses, as they typically invest less time and money into preventative security measures compared to large companies.

It’s estimated a business is infected with ransomware every 14 seconds. And the hackers can demand thousands and thousands of dollars to unlock your data… with no guarantee they will actually comply once you’ve paid.


Q.) How can my business get infected with ransomware?

A.) 42% of ransomware comes from phishing emails. This is where you get a legitimate-looking email asking you to take a specific action. You only need to click a bad link once to let attackers quietly into your system. And it doesn’t have to be you who clicks… it could be any member of your team.

Malicious websites make up 23% of attacks. And compromised passwords account for 21% of ransomware attacks.


Q.) Why is it so hard to undo?

A.) A ransomware attack takes weeks for the hackers to set up. Once inside a network, they stay hidden and take their time to make lots of changes. Essentially, they’re making it virtually impossible for an IT security company such as ours to undo the damage and kick them out once the attack has started.

If you haven’t thoroughly prepared for a ransomware attack before it happens, you are much more likely to have to pay the fee.


Q.) How much is the typical ransom?

A.) The hackers aren’t stupid. They know trying to get $150,000 out of a small business simply won’t happen. But you might stump up $10,000 just to end the hell of a ransomware attack. They will change their ransom demand based on how much money they believe a business has.

Nearly 50% of businesses are so under prepared they have to pay the ransom to get their data back.

Of course, the ransom isn’t the only cost associated with an attack. There are countless indirect costs. Such as being unable to access your data or systems for a week or longer. How horrendous would it be if no-one could do any work on their computer for a week? How would your customers react to that?

Post-attack, productivity is always damaged, as staff get used to new systems, ways of working and greater security measures.


Q.) What can I do now to protect my business?

A.) This is the most important question to ask. It’s virtually impossible to stop a ransomware attack from happening. But you can do an enormous amount of preparation, so if an attack does happen, it’s an inconvenience, not a catastrophe.


Here are the 5 steps we recommend for maximizing your ransomware resilience.

1).Act as if there’s no software protecting you

Software is essential to keep your business safe from all the cyber security threats. But there’s a downside of using this software – it can make you and your team complacent.

Actually, humans are the first defense against cyber-attacks. For example, if your team doesn’t click on a bad link in a phishing email in the first place, then you’re not relying on software to detect an attack and try to stop it.

This means basic training for everyone in the business, and then keeping them up-to-date with the latest threats. This has got to be done in a way that’s fun! No-one wants to do boring techy training… (not even us, and this is our passion).


2) Make sure your IT partner has robust systems in place

You must have robust data protection and system security in place, including software that only allows approved apps to be used on your network.

From your IT partner, you need an appropriate blend of reactive and proactive support.

Reactive support is critical in situations where a ransomware attack is successful. It means you have experts on hand immediately, to minimize the impact and get your business up and running again as quickly as they can.

But long-term, proper proactive support is vital. This means you have someone working away in the background, keeping your systems safe and 100% updated. They’re looking out for problems on the horizon, and spotting anything out of the ordinary. This also means you’ll have less disruption from issues, as the majority can be resolved before they impact you or your team.

In the case of a suspected ransomware attack, a proactive IT partner will already have a protection and recovery strategy that they can trigger immediately.

3) Invest in the best data backup and recovery you can

Automatic offsite data backup is a business basic. When you have a working backup in place, it can be tempting not to give it a second thought.

But it’s worth remembering that cyber criminals will take any means necessary to get you to pay their ransom. That means they’ll target your backup files too. Including cloud-based data.

It’s critical that you create and implement a comprehensive back-up and recovery approach to all of your business data. The National Institute of Standards and Technology sets out a cyber security framework which includes best practices such as:

  • Constant backups: Separate from the computers and ideally in the cloud
  • Immutable storage: This means once created, backups can’t be changed
  • Firewalls: To restrict what data gets in and out


4) Create a plan for cyber-attacks

When a cyber-attack happens, every second is crucial. The earlier you act, the less damage is caused.

So, prepare a detailed plan of action and make sure everyone knows what’s in it, where to find it and how to trigger it.

Test your plan regularly to make sure of its effectiveness, and remove any risk of failure by keeping at least three copies of it in different places. One should be a printout kept at someone’s home… just in case you have zero access to data storage.

Work out what data and systems are vital to the running of the business, and what you can do without for a short time. When an attack happens, you then know what apps, software and data should be prioritized for recovery.


5) Prepare, prepare… and prepare some more

By creating a layered approach to recovery, you’re effectively reducing the impact of any ransomware attack. The sooner you can get your business back up and running, the less money you’ll lose and damage you’ll suffer. And your customers are less likely to lose faith in you.

The big takeaway from this guide is that it’s 100% impossible to protect your business from cyber-attacks. While your trusted IT support partner can create a highly secure system around you, realistically, it will never be 100% watertight.

By planning for what happens in the event of an attack or attempted attack, you’re making your business far more ransomware resilient.

There’s a lot to take in here, isn’t there? For our clients, we do as much of the hard work for them as we can.

Are you ready to choose a new IT partner? Let’s talk.

Ready to Get Started?

Fill in the details and we'll contact you about your business.
  • This field is for validation purposes and should be left unchanged.


Dropsuite is a cloud software platform enabling businesses and organizations globally to easily backup, recover and protect their important business information including emails, contacts, calendars and OneDrive/Sharepoint files. Compliant email backup and archive system with a 10-year retention policy.

Vade Secure:

Vade Secure is an AI-based email security solution to improve security for Office 365 and block advanced phishing, spear phishing, and advanced malware threats. Vade Secure analyzes emails, webpages, attachments, and images with machine learning and deep learning algorithms that are trained to detect behaviors and anomalies common to advanced email threats.

Office Protect:

Office Protect is a service that’s designed to help you secure your Microsoft 365 tenant. Using our powerful in-house security software, our analysts actively monitor for threats, investigate alerts, eliminate false positives, and provide guided response and remediation. Protects against account break-ins, data exfiltration, business email compromise, phishing, internal threats, lateral movement, ransomware, and attacks by nation states.

Dark Cubed:

Dark Cubed focuses on real-time monitoring, threat intelligence, predictive analytics, elegant dashboard, streamlined workflow, executive reporting and active blocking. This is another layer of security that integrates with the firewall.


ThreatLocker is a zero-trust endpoint security tool giving companies control over what software can run, by whom, and what data can be accessed.

It keeps a full detailed audit of what applications are used and data accessed/transferred/deleted and by what users (signature tracking, etc.) If something unusual happens, such as a signature change, or a user opens an application that is out of their normal routine the administrator is alerted. This is a crucial tool in identifying malware threats, as well as helping organizations identify if users are accessing applications and/or data/ files they should not be.

ThreatLocker provides a solution that allows businesses to control the content that runs on their network. Unlike AntiVirus software ThreatLocker is not looking for known viruses or malware. ThreatLocker uses a complex set of rules to determine what can be executed on a network and stops anything that has not been approved before it can even execute.


Huntress is a supplement to SentinelOne. Hackers are becoming more sophisticated, and Huntress actively seeks out these threat actors with a "defend forward" mentality. This software combines both advanced security tools along with human intervention to ensure even the most advanced hackers can't penetrate your network.


SentinelOne is a comprehensive enterprise security platform that provides threat detection, hunting, and response features that enable organizations to discover vulnerabilities and protect IT operations. SentinelOne integrates static artificial intelligence (AI) to provide real-time endpoint protection and reduce false positives that derail investigations or make threat detection a capital-intensive process. This will replace Webroot in your current environment.