Introduction
Ransomware locks or steals your data, then demands payment. It is one of the most disruptive cyber threats today.
The best goal is not just “stop ransomware”. The goal is “recover quickly even if something goes wrong”.
How Ransomware Usually Gets In
Most cases start with one of these:
• Phishing emails that steal a password
• Weak remote access settings
• Unpatched software
• A compromised vendor account
The Three Controls That Reduce Damage Most
If you do only a few things, do these:
• MFA on email and remote access
• Least-privilege access (limit admin accounts)
• Network segmentation (stop the spread across systems)
Backups That Actually Work
Backups are only useful if they are protected and tested.
• Use the 3-2-1 idea: 3 copies, 2 different types, 1 offsite or offline
• Protect backups from deletion or changes (immutable settings if available)
• Test restores on a schedule, not only during an emergency
Your Incident Plan Should Be Short and Clear
In a real attack, people panic. Keep the plan simple:
• Who to call (IT, leadership, legal, communications)
• What to isolate first (infected devices, key servers)
• What evidence to preserve (logs, emails, alerts)
• What services to restore first (email, finance, core operations)
Conclusion
Ransomware resilience is a habit, not a one-time project. Strong access control, segmentation, protected backups, and a simple response plan help organisations recover with confidence and protect customers, staff, and reputation.
