How to Build a Proactive Ransomware Protection Strategy


Being prepared to act in a time of crisis may not make the crisis go away, but it will enable you to make better decisions. In the heat of the moment, the right choices can mitigate the amount of damage done and minimize the impact on business operations. This is especially true when it comes to protecting your organization from ransomware. 

The longer it takes your IT security team to react to a successful ransomware attack, the greater the amount of data that is encrypted and rendered useless—or worse—until the situation is resolved.

Proactively defending your data against ransomware will save your organization the cost of cleanup and reputation repair. When you factor in downtime, security audits, hardware replacement, and loss of customer confidence, ransomware cost businesses upwards of $7.5 billion in 2019.


Now consider that ransomware operators, such as those responsible for Maze ransomware, have switched tactics and may even expose your data to the public, not just encrypt it. The good news is that implementing proactive ransomware protection strategies will deter many attacks and minimize the impact on your organization should one succeed.

Knowledge is power when it comes to preventing ransomware attacks. Arm your security team with the tools they need to set up your defense before it’s needed. These five best practices will lay a solid, secure foundation for your ransomware protection strategy.

1. Know which entrances you are protecting.

You can’t protect something if you don’t know it exists, which is why a thorough inventory of your network is critical early in the process. Map every service, device, and application that is attached to your network. Remove any nonessential entry points and beef up security for those that are left. 

2. Know your vulnerabilities.

Today’s highly distributed, remote workforce has opened up a wide variety of new vulnerabilities. There are millions of new work-from-home employees accessing sensitive business data and applications on less-than-secure home internet connections. Many of these workers are using their own devices for work and their work devices for personal tasks, and they often share their computers with others in the household. 

Contingent workers and third-party vendors may also need access to business systems and applications, which broadens the network attack surface even further because you can only hope they care as much about security as you do.

One way to mitigate this risk is to set up regular access reviews that confirm the people using the services and applications on your network have the right level of permissions and the least amount of privilege.

3. Use ransomware protection technology.

Employing technology is the most reliable way to proactively protect against ransomware and be ready to bounce back if an attack succeeds. But it’s important to remember that a cybersecurity solution alone or a data protection solution alone isn’t adequate. You must have both.

A comprehensive ransomware protection strategy includes a cybersecurity element that provides threat detection and removal, protection against known and unknown threats, and automated patching to cover weak spots. 

Your data loss prevention solution should embrace the 3-2-1 backup rule for disaster recovery: three copies of your data, stored on two different media, with one copy off-site (preferably in the cloud). Some ransomware strains are able to encrypt your backup files if they are attached to your network, so be sure to store backups separately.
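The 3-2-1 rule and the separate-storage caveat above can be checked mechanically against a backup inventory. The following Python sketch is an added example, not part of the original article; the inventory records, field names and dataset names are constructed, and it assumes the inventory lists every copy of a dataset, including the production one.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    dataset: str
    media: str              # e.g. "disk", "tape", "cloud-object"
    offsite: bool           # stored away from the primary site
    network_attached: bool  # reachable from the production network

# Constructed sample inventory (hypothetical datasets and locations).
INVENTORY = [
    Copy("finance-db", "disk", False, True),           # production
    Copy("finance-db", "disk", False, True),           # on-site NAS
    Copy("finance-db", "cloud-object", True, False),   # isolated cloud vault
    Copy("file-share", "disk", False, True),           # production
    Copy("file-share", "disk", False, True),           # mapped backup drive
    Copy("mail-archive", "disk", False, True),         # production
    Copy("mail-archive", "tape", False, True),         # library left online
    Copy("mail-archive", "cloud-object", True, True),  # bucket mounted as a share
]

def check_321(copies):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    grouped = defaultdict(list)
    for c in copies:
        grouped[c.dataset].append(c)
    report = {}
    for dataset, cs in grouped.items():
        findings = []
        if len(cs) < 3:
            findings.append(f"only {len(cs)} copies, need 3")
        if len({c.media for c in cs}) < 2:
            findings.append("all copies on one media type, need 2")
        if not any(c.offsite for c in cs):
            findings.append("no off-site copy")
        # Ransomware that reaches attached backups encrypts them too, so
        # at least one copy must be unreachable from the production network.
        if all(c.network_attached for c in cs):
            findings.append("no copy isolated from the production network")
        report[dataset] = findings
    return report

if __name__ == "__main__":
    for dataset, findings in check_321(INVENTORY).items():
        print(dataset, "OK" if not findings else findings)
```

Note that `mail-archive` satisfies the literal 3-2-1 count yet still fails, because every copy stays attached to the network that an attack would spread across.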

If your company is one of the 56 percent that uses Microsoft Office 365, you definitely need a data loss prevention and disaster recovery solution. Microsoft doesn’t offer long-term storage or data recovery under its shared responsibility model, so data protection is on you.

4. Educate employees.

In 2019, 90 percent of cybersecurity breaches in the UK were a result of human error. Fortunately, good cyber hygiene can be taught. Appoint a committee (preferably members of your highly trained disaster recovery team) to lead regular training sessions to teach employees how to spot bad links, malicious attachments, and suspicious emails.

5. Know what to do if a ransomware attack succeeds.

Just in case the cyber hygiene training doesn’t take, be sure the entire organization knows what to do in the event of a successful ransomware attack. The immediate goal is to stop the attack and minimize spread by disconnecting the infected computers from the network. Then tell the appropriate people so they can assess the damage and initiate the company’s business continuity and disaster recovery plan if needed.

As we continue to navigate the uncharted waters of post-COVID-19 business and the cyberthreats the pandemic has spawned, it’s important to stay a step ahead of the Bad Guys. Proactively preventing ransomware is the most efficient approach for securing your business-critical data from cybercriminals. The best practices discussed above will help you create a roadmap for a comprehensive ransomware prevention strategy. 
