Tech Tips

Ransomware Basics for Small Teams

Security5 min read

Turn on MFA everywhere it is offered—email, VPN, remote desktop, admin portals, and backup consoles. App-based or hardware tokens beat SMS, and MFA for admins and remote access should be mandatory. This single move blocks most credential stuffing and significantly reduces ransomware initial access risk.

Backups are your ransom veto: run daily file-level backups plus weekly image backups, and keep at least one immutable or offline copy. Store versions in a separate account so a compromised admin cannot delete them. Test restores monthly; a backup you have never restored is a backup you do not have.

Email security is still the front door. Enable advanced phishing filters, attachment detonation, and link protection. Strip executable attachments by policy. Train staff to report phish with a button so you can block similar messages tenant-wide. Faster reporting means fewer clicks and less lateral movement.

Apply least privilege everywhere: remove local admin rights from workstations, use separate admin accounts for IT tasks, and audit shared folders for Everyone:Full Control. Harden or disable external RDP; if you must keep it, enforce VPN plus MFA and restrict by source IP. SMB cybersecurity often fails on over-permissive shares and exposed RDP.

Keep a tight patch cadence: weekly for OS, browsers, VPN clients, Java/Adobe, and remote-access tools. Many ransomware crews exploit known CVEs weeks after disclosure. Use centralized patching and track compliance so exceptions are documented and temporary.

Use modern endpoint protection (EDR) with behavior-based blocking, not just signature AV. Verify agents are checking in, updating, and running tamper protection. Pair EDR with good logging (Sysmon or equivalent) and forward to a SIEM or MDR for alerting after hours.

Incident readiness matters: write a ransomware runbook that covers who to call, how to isolate a host, how to reset credentials, and how to communicate if email is down. Run a short tabletop quarterly so staff know the steps. Print a copy and keep it offline with key phone numbers.

If you need help designing layered ransomware protection, improving email security, or running tabletop exercises, HelpTek can build and manage a practical small-business security stack that fits your budget.