Skip to content

How to protect your business from ransomware

Brock Bingham candid headshot
Brock Bingham|Updated October 3, 2023
ransomware
ransomware

Ransomware attacks are on the rise, and as businesses become more reliant on the internet and digital processes, they increase their risk of an attack. Businesses without an adequate cybersecurity plan leave themselves vulnerable to devastating malware attacks and costly recoveries. Learning how to protect your business from ransomware is critical. 

Ransomware has become a very lucrative business for cybercriminals. According to a Sophos report, the average ransom payout in 2023 was around $1.54 million per attack almost double the average from 2022. Because of the potential for large financial gains, the ransomware threat shows no sign of subsiding.

Provide frequent training 

By far, the number one way to protect your business from ransomware is security training and awareness. That's not to say that training alone is enough to protect your business from a ransomware incident. That's why we have seven other security measures on this list you should be using. However, Verizon’s 2023 Data Breach Investigations Report attributes 74% of breaches to the human element. 

Training should fall into two categories. Training for IT professionals consists of learning how to properly configure and maintain systems, and security awareness training includes everyone at your company. 

Training for IT professionals is an obvious necessity, especially considering how quickly technology and processes evolve. However, general security and awareness training is equally important, especially considering how successful phishing attacks are. It's incredibly important to help your users recognize and identify fraudulent emails. Users should know to forward any suspicious email directly to their security engineer before responding or clicking on any links or attachments. 

Regularly deploy patches 

Patch management is the process of distributing and applying updates to applicable devices, systems, and software. It is a necessary component of IT security. Many updates distributed by developers are designed to fix security vulnerabilities, and if these vulnerabilities go unpatched, malicious actors can use them to distribute ransomware. 

Unfortunately, deploying patches and updates on time can be difficult, especially for IT departments with limited resources. IT departments can quickly become overwhelmed by the sheer number of devices they manage, which is why experts usually recommend incorporating a patch management solution. 

At PDQ, we offer some of the most intuitive and feature-complete patch management solutions. PDQ Deploy and PDQ Connect simplify deployments to Windows endpoints, and SimpleMDM covers Apple devices. Sign up for a free trial of PDQ or SimpleMDM to start distributing patches today. 

Even if our products don’t align with your business strategy, we encourage all organizations to develop a strategic patch management policy to keep their devices up to date.

Back up critical data and systems 

One of the only successful methods of recovering data that has been encrypted with ransomware is by restoring it from a backup. Having your critical data backed up has always been important, but as ransomware attacks increase, backups have become absolutely essential to data protection and disaster recovery. 

As you develop your backup strategy, segment your data backups to ensure they can't be encrypted as ransomware tries to propagate itself across the network. Having multiple backups using different technologies, such as on-prem and cloud services, increases the likelihood that your backup data won't be encrypted. 

One last consideration is to use tape backups, rotating and removing tapes on a regular schedule. Many organizations started moving away from tape backups as they're not the most attractive solution, but it's impossible for a tape backup that's not in a tape drive to be encrypted. 

Properly configure firewalls 

A firewall is a network security device that monitors inbound and outbound network traffic between an organization's internal network and the internet. Administrators configure rules to determine which traffic the firewall allows through and which traffic it blocks. 

Over the years, firewalls have evolved, and a new classification has emerged called next-generation firewalls (NGFW). NGFWs include several more layers of security. Application-level awareness is a key feature that significantly increases an NGFW’s effectiveness at blocking malicious threats. 

Upgrade to NGAV and EDR 

For years, companies have relied on antivirus software to protect their network from malicious threats. Unfortunately, traditional antivirus solutions often fall short of protecting endpoints from modern, sophisticated threats, such as fileless zero-day vulnerabilities. 

To adapt to modern threats, many security solution providers offer more advanced endpoint security software, such as NGAV (next-generation antivirus) and EDR (endpoint detection and response). These solutions rely on much more sophisticated toolsets, such as artificial intelligence, machine learning, and behavioral analysis, to protect endpoints from malicious threats. They’re also capable of isolating compromised endpoints if an intrusion occurs. 

Enforce strong passwords and multifactor authentication 

As computer hardware becomes more advanced and software more intelligent, companies must adopt stronger password policies. Here are some guidelines to consider when developing a password policy. 

  • Password length: Password length is more important than password complexity. Longer passwords take considerably longer to brute force than shorter, more complex passwords. However, a mixture of length and complexity is still advisable. 

  • Account locking: Lock accounts after several failed login attempts. Locking accounts after failed login attempts is a strong defense against brute force attacks. 

  • Password managers: Use password managers to help users create complex passwords without the burden of remembering them all. 

  • Password reuse: Don't allow users to reuse passwords. If one is compromised, multiple accounts may become vulnerable. 

  • Compromise databases: Check passwords against compromised password databases, and reset affected passwords. 

  • Personal information in passwords: To decrease the risk of a threat actor successfully guessing a password, passwords shouldn't include personal information. 

  • Multifactor authentication: Enable two-factor authentication (2FA) or multifactor authentication (MFA). They have proven hugely successful against account hijacking, so they should become a non-negotiable security measure adopted by all organizations. 

Don't allow users to have admin rights 

No matter how often your users ask to have administrative privileges on their devices, don't allow it — even if they promise to stop constantly submitting IT support tickets. Users with administrative privileges are much more likely to install potentially malicious software or ransomware on their devices. 

Implement access controls 

Implement appropriate access controls for your users and their job functions. Adopt the principle of least privilege, which is the idea that users should be given the minimum levels of privileges necessary to perform their job functions. 

Ransomware FAQs 

What is ransomware? 

Ransomware is a form of malware attack designed to deny users access to their data and systems. Typically, this is accomplished by encrypting a user's files and folders, though some ransomware variants encrypt entire system drives. Users are then required to pay a ransom, usually in the form of a cryptocurrency (like Bitcoin) in exchange for the decryption key to unlock their data. This makes ransomware protection especially important whether you run a small business or a major enterprise. 

Does ransomware exclusively target businesses?

Ransomware attacks target both home users and businesses. However, because businesses operate on networks consisting of many interconnected devices, ransomware can spread laterally throughout the network, possibly infecting critical systems and causing business-threatening downtime. Recovering from a serious ransomware attack can take weeks or even months, which is why understanding how to prevent ransomware attacks is so vital. 

How is ransomware distributed? 

While ransomware attackers have developed many strategies to access targeted devices, they often focus on the easiest methods. Here are a few of the most common attack vectors malicious actors use to distribute ransomware. 

Phishing 

A phishing attack is a form of social engineering where bad actors send counterfeit messages, often via email, designed to deceive users. Most messages contain a malicious email attachment that deploys malware or ransomware once opened. A phishing email may also contain deceptive links, which download malicious software over the web once the user clicks the link. 

Phishing is one of the most successful attack vectors because the messages are designed to appear to come from legitimate sources users may regularly communicate with. The attachments also appear legitimate, frequently disguised as invoices or other critical files in the form of PDF, ZIP, Word, or Excel files. 

Attacking vulnerable RDP ports 

Hackers may use port scanners to search the internet for systems with publicly exposed Remote Desktop Protocol (RDP) ports. Once identified, attackers attempt to gain access to the system by exploiting security vulnerabilities or using brute force attacks to acquire the system's login credentials. In a 2023 midyear report from Sophos, RDP played a role in 95% of cybersecurity incidents, largely for lateral movement. 

Exploiting vulnerabilities 

Vulnerabilities are system design flaws or weaknesses. If vulnerabilities go unpatched, an attacker can leverage them to gain unauthorized access to systems or enable remote code execution, often with the use of an exploit kit. Once a vulnerability has been exploited, threat actors can use it to distribute ransomware or other types of malware. 


If your business has a digital footprint, it's only a matter of time before you become a target of malicious actors. Learning how to prevent a ransomware infection and taking the steps necessary to protect your organization is critical for businesses of all sizes. Remember: It's far cheaper to prevent a ransomware attack than it is to recover from one. 

Brock Bingham candid headshot
Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.

Related articles