How to prevent ransomware in an SMB
Practical ransomware prevention guide for SMBs: backups, MFA, EDR, segmentation, training, and incident response.
Problem
Ransomware can stop operations, block billing, and expose customer data.
Expected outcome
A realistic layered defense for SMBs without a large IT team.
Block compromised access
Most attacks start with a stolen account, weak password, or exposed access.
- Enable MFA on email, VPN, administrator accounts, and critical SaaS.
- Disable dormant accounts.
- Review administrator rights monthly.
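As an added example (not part of the original guide), the three checks above can be run against a user export from your directory or identity provider. The CSV column names, the 90-day dormancy threshold, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export; the column names are assumptions, not a real product's format.
SAMPLE_EXPORT = """username,enabled,is_admin,mfa_enabled,last_login
alice,true,true,true,2024-05-28
bob,true,false,false,2024-05-30
carol,true,true,false,2024-05-15
dave,true,false,true,2023-11-02
svc-backup,true,true,true,
erin,false,false,false,2022-01-10
"""

DORMANT_AFTER_DAYS = 90  # assumed threshold; set it to match your own policy


def audit_accounts(export_text, today, dormant_after_days=DORMANT_AFTER_DAYS):
    """Return MFA gaps, dormant accounts, and the admin list for monthly review."""
    findings = {"no_mfa": [], "dormant": [], "admins": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, so it cannot be used to sign in
        name = row["username"].strip()
        is_admin = row["is_admin"].strip().lower() == "true"
        if is_admin:
            findings["admins"].append(name)
        if row["mfa_enabled"].strip().lower() != "true":
            findings["no_mfa"].append((name, "admin" if is_admin else "user"))
        last_login = row["last_login"].strip()
        if not last_login:
            # Never signed in interactively: often a service account, review before disabling.
            findings["dormant"].append((name, None))
        else:
            idle_days = (today - date.fromisoformat(last_login)).days
            if idle_days > dormant_after_days:
                findings["dormant"].append((name, idle_days))
    # Admins without MFA are the most urgent gap, so list them first.
    findings["no_mfa"].sort(key=lambda item: item[1] != "admin")
    return findings


if __name__ == "__main__":
    report = audit_accounts(SAMPLE_EXPORT, today=date(2024, 6, 1))
    for check, items in report.items():
        print(f"{check}: {items}")
```

Passing `today` explicitly keeps the result reproducible, which helps when you compare one month's review against the next.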
Make backups restorable
A backup that is never tested is not a recovery plan.
- Keep an offline or immutable copy.
- Test a full restore every quarter.
- Document expected recovery time.
Detect before mass encryption
EDR, logging, and alerts reduce the time between intrusion and containment.
- Deploy EDR on endpoints and servers.
- Monitor account creation and privilege escalation.
- Prepare a network isolation playbook.
Frequently asked questions
Is MFA enough against ransomware?
No. MFA sharply reduces the risk of compromised access, but it must be combined with backups, EDR, segmentation, and training.
How many backups should we keep?
Use at least a 3-2-1 strategy (three copies of your data, on two different media types, one of them offsite), with one immutable or offline copy.
What should we do first after an attack?
Isolate affected systems, preserve logs, contact insurance, and activate the response plan.