Anti-Ransomware Checklist: 10 Things You Should Do to Protect Your Business

Ransomware attacks are continuing to rise in scale, cost, and sophistication. The effects can be severe: disrupted operations, exposed sensitive data, and difficult recovery decisions for the business. So, whether you’re managing a small business or a large enterprise, preparation is your strongest defence.

In this post, we will break down a practical, actionable and easy-to-follow checklist of the 10 most important steps you can take right now to strengthen your ransomware defences. From robust backups to incident response planning, this guide will help you assess your current security posture and close the gaps before an attack ever hits.

 


Introduction

In recent years, there has been a considerable rise in the number of ransomware attacks. In its 2024 annual review, the National Cyber Security Centre (NCSC) stated that ‘Ransomware attacks continue to pose the most immediate and disruptive threat to our critical national infrastructure (CNI)’, which shows how important it is to act proactively to prevent ransomware attacks rather than sitting around and waiting for the threat to become real.

Specifically, a ransomware attack aims to block access to your data until a ransom has been paid. It is a type of malware attack that destroys or encrypts files and folders on a computer, server or device, and then attempts to extort money in exchange for a key to unlock the encrypted device. But even when the ransom is paid, cybercriminals might never give the key to the business or device owner, and might not stop their threats.

The impact caused by ransomware attacks can be tremendous. Operationally, this could cause a loss of access to data and downtime for you and your clients, consequently leading to delays and missed deadlines. It will also cost you financially, again due to downtime but also potential fines for lack of compliance and loss of customers who may feel you have acted unsafely with their data. We all know that there is a trust relationship built between business and client.

Ransomware attacks are a huge threat to organisations of all sizes; they are no longer rare, they’re routine. Whether you’re managing a small business network or an enterprise environment, having a clear checklist to minimise your exposure and maximise your response is essential.  

Now let’s get onto the checklist…

 

10 Step Checklist

1. Backup your environment

  • It is incredibly important that you regularly back up your critical data. This should be automated and run at least daily, so that you always have a recent backup you can use.
  • You can also choose to store your backups offline, isolating your data from online threats.
  • Test your backup recovery regularly; don’t just assume it’ll work.

2. Patch and update everything

  • As with backups, you should ensure your software is updated regularly, applying OS, application and firmware patches promptly.
  • If automatic updates are available, enable them too.
  • Make sure you prioritise patching public-facing systems and remote access tools, since these are more exposed.

3. Email filtering and threat protection

  • Using advanced email filtering to detect malicious attachments/links minimises the risk of your end users receiving/opening malicious mail.
  • For email attachments, you should also implement sandboxing. This is a cybersecurity technique that isolates and analyses potentially malicious emails and their attachments in a controlled environment, preventing them from harming a user’s device or network. – Microsoft 365
  • Your end users are your first line of defence. The 2024 Verizon Data Breach Investigations Report found that 68% of breaches involved a human element, so cyber training is also critical. Defender for Office 365 Plan 2 provides you with Attack Simulation Training.

4. Protect your endpoints

  • Endpoint protection solutions, such as Microsoft Defender for Endpoint, work by examining files, processes, and system activity to keep a look out for suspicious or malicious indicators, allowing you to monitor, protect, investigate, and respond to incidents.
  • Using a reputable antivirus/anti-malware software is key.
  • Monitor alerts and automate containment where possible.

5. Network segmentation

  • To further secure your resources, you can separate your critical level systems and data from general user access. By dividing your network into isolated zones or segments based on sensitivity and function, you can limit the spread of ransomware and other threats if an initial compromise occurs. 
  • For example, your accounting systems, backups, and domain controllers should never reside on the same flat network as everyday user devices.
  • You should also use VLANs and firewall rules to segment access logically.

6. Least privilege access control

  • Over-privileged users are one of the biggest security risks you can have in your domain, so it is vital that you are giving users roles with the least privilege access.
  • Therefore it is also key that you have regular access reviews, making sure stale privileges are revoked.
  • You should use Role-Based Access Control (RBAC) alongside Privileged Identity Management (PIM).
  • Implementing RBAC ensures users only have access to the systems and data necessary for their job roles. This reduces the risk of excessive permissions and limits the damage if an account is compromised.
  • RBAC alone isn’t enough when it comes to highly privileged accounts. PIM allows you to grant just-in-time (JIT) access to administrative accounts, meaning users only get elevated rights when absolutely needed, and only for a short, approved window. It also logs all activity, providing transparency and accountability.


7. Multi-Factor Authentication (MFA)

  • Most ransomware attacks start with compromised credentials, and adding MFA provides a second layer of security. Any stolen usernames and passwords will be useless to the attacker without the second authentication factor.
  • Enforce MFA for all users. Do not be tempted to exclude any accounts, especially those deemed privileged.
  • According to Microsoft, MFA can block over 99% of account compromise attacks, making it one of the most effective low-cost controls available.
  • Additionally, cyber insurers and regulatory frameworks (e.g. Cyber Essentials, ISO 27001) now expect or require MFA. Enabling it across your organisation not only reduces risk, it helps with compliance and insurance eligibility.

8. Ransomware simulation and drills

  • Preparation is only effective if it has been tested. Regularly conducting ransomware simulations and tabletop exercises ensures your incident response plan works in practice, not just on paper. These drills should involve key stakeholders from IT, security, legal, communications, and leadership to test coordination across teams.
  • Include scenarios like “network-wide encryption” and “ransom note received”. Walk through each phase of the response: detection, containment, eradication, recovery, and communication.
  • Use these exercises to validate your response plans, test decision-making under pressure, and fine-tune communication strategies. It is key to ensure everyone understands their role and follows escalation procedures. After each drill, review what worked, identify gaps, and apply lessons learned. These simulations build confidence and readiness, helping your team respond faster and more effectively when a real attack occurs.

9. Monitor and detect early

  • Implement centralised logging and a Security Information and Event Management (SIEM) platform. This allows you to collect, correlate, and analyse logs from across your infrastructure in one place, giving you full visibility into user activity, system events, and security anomalies.
  • Set up automated alerts for suspicious behaviours, such as rapid file modifications (a hallmark of encryption in progress), unusual login patterns, or sudden privilege escalations. These can often be early indicators of a ransomware attack taking hold.
  • Additionally, watch for beaconing or outbound traffic to suspicious domains. This kind of network behaviour can signal that malware is attempting to communicate with an attacker’s infrastructure.
  • Following all these steps can allow you to catch ransomware attacks early and prevent widespread harm.
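
The "rapid file modifications" alert described above can be expressed as a sliding-window count of write and rename events per account. This is an added example, not part of the original post; the log format, host and user names, and the window and threshold values are assumptions constructed for illustration, and a real SIEM rule would be tuned against your own baseline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)     # assumed tuning value, not from the post
THRESHOLD = 20                     # assumed: writes/renames per account per window
WRITE_OPS = {"modify", "rename"}


def parse(line):
    """Split 'ISO-timestamp key=value ...' (constructed format) into parts."""
    stamp, *pairs = line.split()
    return datetime.fromisoformat(stamp), dict(p.split("=", 1) for p in pairs)


def detect_bursts(lines):
    """Return one alert per (host, user) that reaches THRESHOLD within WINDOW."""
    recent = defaultdict(deque)    # (host, user) -> timestamps inside the window
    alerts = {}
    for line in lines:             # lines are assumed to be in time order
        when, event = parse(line)
        if event["op"] not in WRITE_OPS:
            continue
        key = (event["host"], event["user"])
        window = recent[key]
        window.append(when)
        while when - window[0] > WINDOW:   # drop events older than the window
            window.popleft()
        if len(window) >= THRESHOLD and key not in alerts:
            alerts[key] = {"host": key[0], "user": key[1],
                           "burst_start": window[0], "events": len(window)}
    return list(alerts.values())


def sample_log():
    """Constructed events: ordinary edits, then a rename burst on one account."""
    base = datetime(2025, 1, 1, 9, 0, 0)
    lines = [f"{(base + timedelta(minutes=i)).isoformat()} host=FS01 user=alice "
             f"op=modify path=/share/report{i}.docx" for i in range(5)]
    for i in range(40):            # 40 renames in 8 seconds
        when = base + timedelta(minutes=10, milliseconds=200 * i)
        lines.append(f"{when.isoformat()} host=FS01 user=svc-scan "
                     f"op=rename path=/share/file{i}.xlsx")
    return lines


if __name__ == "__main__":
    for alert in detect_bursts(sample_log()):
        print(alert)
```

Legitimate bulk jobs such as backups, file sync and migrations will also trip a rule like this, so pair it with an allow-list of known service accounts and route the alert to automated containment only once the false-positive rate is understood.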

10. Incident response plan

  • Last but not least, you must ensure your business maintains an up-to-date Cyber Incident Response Plan. This should cover how you would respond to different threat types such as ransomware, malware, social engineering etc. It should also include detailed response playbooks tailored to each threat type, outlining step-by-step actions for containment, investigation, and recovery.
  • Within the plan, it’s crucial to assign clear roles and responsibilities to employees so they know exactly how to respond in the event of a cyber-attack. This ensures a faster, more coordinated, and effective response, wasting no time.
  • Ensure you keep hard copies and test the plan regularly. With ever-evolving cyber threats, it is important to keep it updated too.

To conclude...

Ransomware isn’t a matter of if, but when. As attacks become more frequent and more damaging, having a clear, proactive defence strategy is essential, not optional. By following this checklist, you’re not just ticking boxes, you’re building a layered, resilient approach to cybersecurity that can significantly reduce your risk and minimise the impact of an attack.

Now is the time to evaluate your current defences, close the gaps, and ensure that your team knows exactly how to respond if the worst happens. Treat cybersecurity as an ongoing priority, not a one-time project.

Your readiness today could make all the difference tomorrow!

Important Links:


You can find more information about Microsoft Defender for Endpoint here: https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-endpoint

Read Microsoft’s Ransomware post here: https://www.microsoft.com/en-gb/security/business/security-101/what-is-ransomware


References:

National Cyber Security Centre (NCSC), 2024 annual review.