5 things to include in your ransomware protection plan

Being prepared and having the right security measures in place may not stop a security breach or make an attack go away. However, it will leave you and your team better equipped to take the correct next steps if one happens. The right choices mitigate the amount of damage done and minimize the overall impact on your business. This is especially apparent when it comes to protecting your business’s data. In 2020, businesses in Canada faced the second highest volume of data published on the dark web, according to tucu.ca.

If your network and data were compromised and no one on your team knew what to do or how to react to the ransomware attack, a lot of your data would be encrypted and rendered useless, leaving you with a larger problem to deal with.

Being proactive and defending your data against ransomware will protect your business's finances and its reputation. In fact, when you consider downtime, hardware replacement and loss of reputation with customers, it can become very expensive for a business to recover from a ransomware attack. Knowledge is the most powerful tool any business can have when it comes to protecting its data. The following best practices will lay a solid and secure foundation for your ransomware protection plan.

1. Know what you need to improve and what your vulnerabilities are

Before you start thinking about protecting your business from ransomware attacks, it is essential to carry out a thorough inventory check of your network as early as possible. Map every application, device and service that is linked or attached to your network. Once this is done, focus on removing nonessential entry points into your network and ramp up the security on the pathways that you do know exist. Introduce controls like Multi Factor Authentication (MFA), which will help minimize security breaches attempted by hackers.

2. Use the most up to date ransomware protection technology and data protection solution

Advances in technology are helping businesses thrive and scale to reach their maximum capabilities. However, as much as technology helps businesses run their operations, it also means that cyber-criminals are becoming more and more advanced in the way that they attack a network. A ransomware solution alone is not enough. It needs to be coupled with a data protection solution for your business to be protected.

A ransomware protection plan includes cybersecurity elements that provide extensive threat detection and removal, automated patching to cover weak spots in the network, and overall protection against commonly known and unknown threats. A data protection plan, on the other hand, includes identification of your most important data, a data loss prevention plan in case the network is compromised, and threat detection.

3. Educate, train, and bring awareness to your employees

Most often, cybersecurity and ransomware breaches are a result of human error. Fortunately, with some training and security awareness, these human errors can be minimized. Employees should be trained regularly, as threats are constantly changing and becoming much harder to detect. ESET, a Slovak internet security company, conducted free phishing tests in 2020 amongst a number of companies, in which 68 percent of the respondents in Canada failed to differentiate fake emails from real ones.

The most common type of attack is phishing emails. Training staff to recognize these emails is essential because this is what cyber criminals will typically use to try to access an organization’s network. They take advantage of employees by tricking them into falling for scams that offer incentives such as business opportunities, free stuff and more via email. Phishing awareness is essential for any organization (no matter the size) and should be incorporated into any security awareness training. In addition, security awareness should also cover things like malware, password security, safe internet habits, social networking dangers, data management and privacy.

Training and educating employees on security awareness is essential to creating a ransomware protection strategy because it makes everyone in your business aware of internet security threats. Mandating security best practices will ultimately save your business downtime, cut costs, and maintain your reputation amongst customers and stakeholders.

4. Have a plan in place if a ransomware attack were to succeed

Even if you think it is unlikely that your organization will be attacked by ransomware or malware, having a response plan will help you in the event of a successful attack on your network. It will also greatly reduce the impact if your data or network is encrypted. A well-planned and well-executed response will minimize the damage caused by ransomware and result in minimal data loss and cost.

The immediate goal is to stop the attack and minimize spread by disconnecting the infected computers from the network. Then tell the appropriate people so they can assess the damage and initiate the company’s business continuity and disaster recovery plan if needed.

Today, having a response plan is even more important because, since the global pandemic, more people are working remotely, which has given cybercriminals the opportunity to attack users more easily.

5. Configure your system to proactively address any threats

Implementing and configuring your security system to proactively address ransomware is better than dealing with it after your network has been infected. Tools like unified threat management (UTM) work around the clock to prevent access from unknown malicious IP addresses. Today, with more businesses adopting the work from home model, it has never been more crucial to have something like this in place.

Other things to consider in your ransomware protection strategy are centralized patch management and regular patch review. Ensuring all systems, devices and hardware are up to date is crucial to preventing data breaches.

In fact, these best practices are just the tip of the iceberg of what every business should implement. To find out what else you should include in your security system, contact us for a free consultation.


The above ideas are best practices that can help ensure that your data is protected in case of a ransomware attack. Including them in your ransomware protection strategy will ensure that minimal damage is caused in case your network is breached. It is essential to have a plan of action in case of an attack because, in 2020, 65 percent of small businesses failed to take appropriate action after a ransomware attack, according to tucu.ca. Do not be a part of that 65 percent. Contact us and we can help you create and implement a strategy that is unique to your business.