Ransomware protection for small businesses – the key levers

One click on the wrong attachment, and the next morning everything is encrypted: order data, accounting, mail. Ransomware no longer hits only large corporations – quite the opposite. Small businesses are a popular target because they're often less well protected and more likely to pay in an emergency.

How ransomware typically gets in

• Phishing emails with an attachment or link (by far the most common route)
• Open remote access (RDP, VPN without MFA) with weak passwords
• Unpatched systems with known vulnerabilities

The good news: this is exactly where the most effective measures apply – and they're feasible for SMBs.

The key levers (by impact)

1. MFA everywhere. Multi-factor authentication for email, remote access and admin accounts prevents most account takeovers.
2. Tested, immutable backups. One copy offline or immutable – otherwise the attacker encrypts the backup along with everything else. Details in Backup strategy for SMBs.
3. Patch with a routine. Update operating systems, servers, VPN gateways promptly – not "when there's time".
4. Train your staff. Short, regular phishing training works better than any poster.
5. Separate rights & segment networks. Not every account needs admin rights; not every system needs to reach every other.

Four of these cost mainly consistency, not budget.

If it happens anyway

• Don't pay immediately. Payment guarantees no clean recovery and funds the next attack.
• Isolate. Disconnect affected systems from the network; don't shut down in a panic.
• Restore from tested backups – the reason step 2 above matters so much.
• Report. Depending on exposure, reporting obligations apply (see also NIS2 for SMBs).

Conclusion

There's no such thing as complete security – but the risk can be drastically reduced with a few consistently implemented measures. The effort is small against a total outage.

Want to know where you stand? In a free initial consultation we'll look at your most important risks concretely.