Small Business Guide to Ransomware

The IT Lab will help small businesses build resilient cybersecurity defences. We understand how important it is to not only protect your business but also those you look after. To help you on your journey, we have put together this guide.

What is Ransomware?

Ransomware is a type of malware that encrypts the data on an infected computer and on any network systems and shares it can reach, then demands a payment in return for the key to decrypt it. Paying does not guarantee recovery: there have been numerous cases where no working key was ever supplied, and many groups now also copy data out before encrypting it and threaten to publish it. Ransomware is distributed in many ways, but most incidents begin with phishing (a malicious link or attachment), with a remote-access service such as RDP left exposed to the internet, or with an unpatched internet-facing system. Once the attacker's code is running on one machine, it spreads across the network, typically using stolen administrator credentials, and only then does the encryption begin.

A successful ransomware attack can stop your business from operating, destroy your data, and drain your finances. The need to protect your business, and the customers who rely on it, has never been greater. This article sets out how to do just that.

Add Multi-Factor Authentication to Microsoft 365/Google Workspace, Management Tools, and Cloud/SaaS apps.

Enabling and enforcing MFA on all Microsoft 365/Google Workspace accounts is the number one security recommendation for small businesses. MFA should also be enforced by default on every web application the business uses, without exception. Finally, as many small businesses outsource their IT to third-party support companies, those parties need to demonstrate that they enforce MFA on their Remote Monitoring and Management (RMM) platforms: an RMM console gives whoever controls it remote administrative access to every managed endpoint, which is exactly what a ransomware operator wants.
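As an added example (this is not The IT Lab's tooling), the following Microsoft Graph PowerShell script creates a Conditional Access policy that requires MFA for every user on every cloud app, with a single break-glass account excluded so that a broken MFA method cannot lock the whole tenant out. Assumptions: the Microsoft.Graph PowerShell module is installed, your account can write Conditional Access policies, the tenant holds a licence that includes Conditional Access (Microsoft Entra ID P1, which Microsoft 365 Business Premium includes), and the break-glass UPN and policy name are placeholders.

```powershell
# Added example: tenant-wide "require MFA" Conditional Access policy.
# Assumptions: Microsoft.Graph module installed; break-glass UPN below is a placeholder.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'User.Read.All'

# The break-glass account must exist and have been tested before the policy is enforced.
$breakGlass = Get-MgUser -Filter "userPrincipalName eq 'breakglass@example.onmicrosoft.com'"
if (-not $breakGlass) { throw 'Create and test the break-glass account first.' }

$policy = @{
    displayName = 'Require MFA for all users'
    # Report-only first: sign-in logs show who would have been blocked without
    # blocking anyone. Switch to 'enabled' once the results look right.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlass.Id) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy | Out-Null

# Check: a report-only policy is easy to mistake for an enforced one, so list the states.
Get-MgIdentityConditionalAccessPolicy | Select-Object DisplayName, State
```

Leave the policy in report-only mode for a week or two, review the sign-in logs for users who have not yet registered an MFA method, and then change `state` to `enabled`. A tenant without an Entra ID P1 licence cannot use Conditional Access; for those, turning on Security Defaults in the Entra admin centre gives the same baseline (MFA registration and enforcement for all users) with no per-app flexibility. Google Workspace enforces 2-Step Verification per organisational unit in the admin console rather than through a script.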

Deploy third-party Email Security protection

A widely quoted figure is that 91% of cyber-attacks start with an email, and with over 250 million active business users now on Microsoft 365, advanced email security for 365 has become a major focal point and a critical piece of the overall security puzzle. The conventional wisdom has been to protect your Microsoft 365 tenant with a dedicated third-party security solution to bolster your defences, with individual products offering a range of benefits beyond Microsoft's own offerings. However, Microsoft has placed a strong focus on security in recent years, and its own offerings now provide a powerful alternative without necessarily needing to add another third-party product into the mix. Microsoft Defender for Business is available at an additional cost, so its merits need to be weighed up against the third-party offerings. Whichever you choose, make sure it scans attachments and rewrites links at delivery time and not only at the gateway, since that is where macro-laden documents and phishing pages are caught.

Deploy Web Security

Block users from accessing malicious websites by deploying a web security agent to every endpoint. This will block users from sites where malware, ransomware, phishing, and botnet command-and-control infrastructure are present. A platform such as Cisco Umbrella or Sophos Cloud Protection combines multiple security functions into one solution, so you can extend protection to devices, remote users, and distributed locations anywhere. Most malware, including ransomware loaders, needs to reach infrastructure on the internet to download its payload or receive commands; blocking those lookups at the DNS layer stops many infections before they get going and cuts off the attacker's control channel when one does. It is not a substitute for endpoint protection, which still has to deal with whatever arrives by other routes. Small businesses should also consider implementing a URL filtering policy. Through URL filtering, you can limit your exposure to liability by managing access to web content based on a site's categorisation. The URL filtering policy consists of rules that you define; when you add a rule, you specify criteria such as URL categories, users, groups, departments, locations, and time intervals.
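DNS-layer filtering only works if the endpoint actually sends its queries to the filtering resolvers, and a user or a piece of malware can change that setting. As an added example (not the vendor's own tooling), this PowerShell check confirms that every active interface on a Windows endpoint uses the expected resolvers and that nothing else is answering DNS locally. The resolver addresses are an assumption: the Cisco Umbrella/OpenDNS anycast resolvers are used for illustration, so substitute whatever your provider issues. The test domain at the end is the one Cisco publishes for checking that phishing protection is active.

```powershell
# Added example: audit that this endpoint's DNS really goes through the filtering resolvers.
# Assumption: $FilteringResolvers are the addresses your provider gave you (Umbrella shown).
$FilteringResolvers = @('208.67.222.222', '208.67.220.220')
$problems = @()

# 1. Every interface with resolvers configured must point only at the filtering service.
Get-DnsClientServerAddress -AddressFamily IPv4 |
  Where-Object { $_.ServerAddresses.Count -gt 0 } |
  ForEach-Object {
    $iface = $_.InterfaceAlias
    $rogue = $_.ServerAddresses | Where-Object { $_ -notin $FilteringResolvers }
    if ($rogue) { $problems += "Interface '$iface' uses unfiltered resolver(s): $($rogue -join ', ')" }
  }

# 2. A roaming client may legitimately listen on 127.0.0.1:53; anything else bound to
#    UDP/53 deserves a look, because malware can point the host at its own resolver.
Get-NetUDPEndpoint -LocalPort 53 -ErrorAction SilentlyContinue |
  Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') } |
  ForEach-Object { $problems += "Unexpected DNS listener on $($_.LocalAddress):53 (PID $($_.OwningProcess))" }

# 3. Resolve Cisco's phishing test domain and show the answer. Through a filtering
#    resolver this returns the provider's block-page address rather than the real site;
#    compare the result with the block-page address documented by your provider.
$answer = Resolve-DnsName -Name 'internetbadguys.com' -Type A -ErrorAction SilentlyContinue
if ($answer) { "internetbadguys.com resolves to: $(($answer | Where-Object IPAddress).IPAddress -join ', ')" }
else         { $problems += 'Test domain did not resolve at all; check connectivity and the agent' }

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
'DNS filtering is in place on all active interfaces'
```

Run it from your RMM on a schedule and alert on a non-zero exit code; a machine whose resolvers have silently changed is a machine your web filter no longer protects.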

Lock Down your Perimeter Firewall

Locking down your perimeter firewall reduces what an attacker can reach in the first place. Every port you leave open to the internet is a target, and Remote Desktop (TCP 3389) is the worst offender: exposed RDP is subject to constant credential-guessing and is one of the most common entry points in ransomware incidents. First, remove all direct connections from the internet to Remote Desktop or similar services. If you do need to publish Remote Desktop Services, do so through a Remote Desktop Gateway server, which tunnels RDP over HTTPS and authenticates users before any desktop session is opened, and protect the gateway behind an SSL VPN with MFA on the logon. There is no reason to leave RDP open on the internet; if it is open, shut it down today.
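Finding out whether a Windows host is actually reachable over RDP takes a minute, and so does fixing it. As an added example (not The IT Lab's script), the following PowerShell audits a host's RDP state and then either disables RDP or restricts it to a management subnet and enforces Network Level Authentication. Assumptions: it runs elevated on Windows 10/11 or Server 2016+, and the management subnet is a placeholder.

```powershell
# Added example: audit and lock down RDP on this host. Run elevated.
# Assumption: $AllowFrom is the only network that should ever reach RDP (placeholder).
$AllowFrom = '10.0.10.0/24'
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
$listening  = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
# Inbound RDP rules whose remote scope is 'Any' accept connections from the whole internet
# if the host is NATed or directly exposed.
$openRules  = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue |
              Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }

"RDP enabled in registry      : $rdpEnabled"
"RDP listening on TCP 3389    : $([bool]$listening)"
"Inbound RDP rules open to Any: $(@($openRules).Count)"

if (-not $rdpEnabled -and -not $listening) { 'RDP is off on this host; nothing to do'; return }

# Option 1 (preferred for most workstations): the host does not need RDP. Turn it off.
# Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1
# Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Option 2: RDP is needed from the LAN only. Scope the rules to the management subnet and
# require NLA, so a caller must authenticate before a session (and its attack surface) exists.
$openRules | Set-NetFirewallRule -RemoteAddress $AllowFrom
Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -Value 1 -Type DWord
'RDP restricted to ' + $AllowFrom + ' with NLA required'

# Final check, run from a machine outside your network against your public address:
#   Test-NetConnection -ComputerName <public-ip> -Port 3389   # TcpTestSucceeded must be False
```

The host-side check cannot see what your perimeter firewall forwards, which is why the last step is an external test; if `TcpTestSucceeded` comes back `True`, the port-forward or firewall rule on the perimeter is the thing to remove.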

Introduce a Lockout Policy

An account lockout policy determines how many failed logon attempts are allowed before an account is locked, and for how long. For example, after ten wrong passwords within fifteen minutes the account is locked for fifteen minutes. This stops an attacker from running a dictionary or brute-force attack against a user's password, because every guess now costs them time. The control is free and takes minutes to configure through Group Policy or the local security policy. Set the threshold high enough (ten or more) that a user mistyping their password does not lock themselves out, and monitor lockout events, because an attacker who knows your usernames can deliberately lock accounts to cause disruption. A related but separate control is the screen lock: configure machines to lock automatically after a reasonable idle period, such as 10 minutes, so that an unattended, logged-in machine cannot be used by anyone who walks past. Assume attackers will try any computer they can reach, and set both policies.

Patch your servers and endpoints

The best security software in the world cannot compensate for unpatched computers, because an unpatched vulnerability lets an attacker in without ever touching a malicious file. Patching is not optional. When a vendor releases an update, the vulnerability it fixes becomes public knowledge, and attackers compare the patched and unpatched code to build exploits, often within days. Keep servers and endpoints up to date and apply security updates promptly after release; Cyber Essentials expects updates rated critical or high to be installed within 14 days. Test updates on a small pilot group first if you can, but do not let testing become a reason for the rest of the estate to lag behind.
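As an added example (not The IT Lab's script), this PowerShell reports a Windows host's patch state using the Windows Update Agent COM API, which is what Windows itself uses to find updates: it lists what is pending, how long each update has been available, and fails if a security update has been waiting longer than your limit. Assumptions: the host can reach its update source (Windows Update or a WSUS server), and the 14-day limit is the Cyber Essentials figure, which you can change.

```powershell
# Added example: report pending Windows updates and flag overdue security updates.
# Assumption: $MaxAgeDays is your patch-window policy (14 days matches Cyber Essentials).
$MaxAgeDays = 14

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
# Software updates that are applicable, not installed and not hidden by an admin.
$pending  = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'").Updates

$report = foreach ($u in $pending) {
    $age = (Get-Date) - $u.LastDeploymentChangeTime   # when Microsoft last published/changed it
    [pscustomobject]@{
        Title    = $u.Title
        Severity = $u.MsrcSeverity                        # 'Critical', 'Important', ... or blank
        AgeDays  = [int]$age.TotalDays
        Overdue  = ($age.TotalDays -gt $MaxAgeDays) -and ($u.MsrcSeverity -in @('Critical', 'Important'))
    }
}

$lastInstall = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
"Last hotfix installed: $($lastInstall.HotFixID) on $($lastInstall.InstalledOn)"
"Pending updates      : $($pending.Count)"
$report | Sort-Object AgeDays -Descending | Format-Table -AutoSize

if ($report | Where-Object Overdue) {
    Write-Warning "Security updates older than $MaxAgeDays days are still pending; patch this host now."
    exit 1
}
```

Run this across the estate from your RMM and you have a patch-compliance report rather than an assumption; `MsrcSeverity` is blank for non-security updates, so those never trip the overdue check.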

Disable Macros

Macros are small programs, written in Visual Basic for Applications (VBA), that are embedded in Office documents to automate repetitive work in applications such as Microsoft Excel and Word. Because a macro can run arbitrary code on the machine when a document is opened, attackers embed malicious macros in documents sent by email; as soon as a user clicks "Enable Content", the macro downloads and runs the ransomware. Macro-laden attachments remain one of the most common ransomware delivery methods. You can avoid this by disabling macros through Group Policy or in each application's Trust Center settings, and at the very least by blocking macros in files that came from the internet. If you don't need them, disable them before it's too late; if a few users genuinely do, allow only digitally signed macros from a trusted publisher.
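The settings above map to two registry policy values that Office honours. As an added example (not The IT Lab's Group Policy), this PowerShell applies them for the current user for Word, Excel and PowerPoint, verifies the result, and shows the equivalent domain-wide call. Assumptions: Office 2016, 2019 or Microsoft 365 Apps (all use the 16.0 policy branch), and the GPO name in the final comment is a placeholder.

```powershell
# Added example: enforce Office macro policy via the registry policy keys.
# Assumption: Office 16.0 branch; extend $apps if Access/Publisher are installed.
$apps = 'Word', 'Excel', 'PowerPoint'

foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $key -Force | Out-Null
    # VBAWarnings: 1 = enable all, 2 = disable with notification (the default, which is
    # what the "Enable Content" button comes from), 3 = only digitally signed, 4 = disable silently.
    Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
    # Block macros in files that carry Mark of the Web (downloaded or received by email),
    # regardless of VBAWarnings. This is the control that stops the typical phishing attachment.
    Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
}

# Verify what Office will now see.
foreach ($app in $apps) {
    Get-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security" |
      Select-Object @{ n = 'App'; e = { $app } }, VBAWarnings, blockcontentexecutionfrominternet
}

# Domain-wide equivalent for one app (assumes a linked GPO named 'Office Macro Lockdown'):
# Set-GPRegistryValue -Name 'Office Macro Lockdown' `
#   -Key 'HKCU\Software\Policies\Microsoft\Office\16.0\Word\Security' `
#   -ValueName VBAWarnings -Type DWord -Value 4
```

For the handful of users who need macros, set `VBAWarnings` to 3 and sign the approved macros with a certificate you control; leave `blockcontentexecutionfrominternet` at 1 for everyone. Watch for Trusted Locations, because a document opened from a trusted folder bypasses both settings.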

Mandate strong passwords

Using a strong, unique password for every account is a vital step in protecting your data. Attackers use software that can try many millions of guesses per second against stolen password hashes, and they replay lists of passwords leaked from other breaches against your logins, so short or reused passwords fall quickly. Length matters more than cleverness: a long passphrase of three or four random words is far stronger than a short password with a few symbols swapped in. Enforce a sensible minimum length, block known-breached passwords where your platform supports it, and give staff a password manager so that every account can have a different, randomly generated password. No password is uncrackable, which is one more reason MFA matters; the more obstacles you put in the way, the harder it is for an attacker to get in.
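The lockout and password rules from this section and the "Introduce a Lockout Policy" section above are set in one place on a Windows domain. As an added example (not The IT Lab's baseline), this PowerShell sets account lockout, minimum password length and the idle screen lock, then lists accounts that sidestep the policy. Assumptions: it runs on a domain-joined admin host with the RSAT ActiveDirectory and GroupPolicy modules, and the domain name, GPO name and OU are placeholders.

```powershell
# Added example: domain lockout, password length and screen-lock policy, plus an audit.
# Assumptions: RSAT modules present; 'example.local', the GPO name and the OU are placeholders.
Import-Module ActiveDirectory, GroupPolicy
$Domain = 'example.local'

# 1. Account lockout and password length. Lockout applies to the account itself, so a
#    brute-force attempt is throttled whichever machine the attacker aims it at.
Set-ADDefaultDomainPasswordPolicy -Identity $Domain `
    -LockoutThreshold 10 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 15) `
    -LockoutDuration (New-TimeSpan -Minutes 15) `
    -MinPasswordLength 14 `
    -PasswordHistoryCount 24

# 2. Screen lock is a different control: the 'Interactive logon: Machine inactivity limit'
#    policy, in seconds. 600 = 10 minutes. Delivered through a GPO linked to the workstations OU.
$gpoName = 'Workstation Baseline'
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName
    New-GPLink -Name $gpoName -Target 'OU=Workstations,DC=example,DC=local' | Out-Null
}
Set-GPRegistryValue -Name $gpoName `
    -Key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
    -ValueName 'InactivityTimeoutSecs' -Type DWord -Value 600 | Out-Null

# 3. Audit: accounts flagged "password never expires" or "password not required" quietly
#    defeat the policy. List them for review.
Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordNeverExpires, PasswordNotRequired, PasswordLastSet |
  Where-Object { $_.PasswordNeverExpires -or $_.PasswordNotRequired } |
  Select-Object SamAccountName, PasswordNeverExpires, PasswordNotRequired, PasswordLastSet |
  Format-Table -AutoSize

# 4. Confirm the effective domain policy.
Get-ADDefaultDomainPasswordPolicy -Identity $Domain |
  Select-Object MinPasswordLength, LockoutThreshold, LockoutDuration, LockoutObservationWindow
```

On a standalone machine without a domain the first step is `net accounts /lockoutthreshold:10 /lockoutduration:15 /lockoutwindow:15 /minpwlen:14`, and the screen-lock value goes into the same registry key with `Set-ItemProperty` instead of a GPO. Event ID 4740 on the domain controllers records each lockout, which is the thing to alert on if you want to spot a password-spraying attempt early.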

Restrict Domain Admins

Monitoring your Domain Admins group is a vital step to becoming better protected. It is important that you know who is in this group and when anyone is added. Every user added without a genuine need to be a domain admin increases the risk and the impact of a breach. Keep the group to the absolute minimum, give administrators a separate admin account that is never used for email or web browsing, and watch the group closely for any change. If an attacker already has a foothold on your network, it won't take them long to add themselves to Domain Admins; once there, they have access to every machine in the domain.

With that access, the ransomware can be pushed to every machine at once, and the effects will wreak havoc. Locking down your Domain Admins group, and alerting on any change to it, removes that shortcut. It's important to get ahead of the game before the attacker even has the chance to win.
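"Monitored closely" is easy to say and easy to forget, so here is the check as a script. As an added example (not The IT Lab's monitoring), this PowerShell compares the effective membership of the privileged AD groups against an approved list, reports drift in either direction, and pulls the recent "member added" events from a domain controller's Security log. Assumptions: the RSAT ActiveDirectory module is installed, and the approved account names and DC hostname are placeholders.

```powershell
# Added example: detect drift in privileged AD groups and list who added whom.
# Assumptions: RSAT ActiveDirectory module; names and the DC below are placeholders.
Import-Module ActiveDirectory
$Approved = @{
    'Domain Admins'     = @('da-alice', 'da-bob')
    'Enterprise Admins' = @()
    'Schema Admins'     = @()
}
$DC = 'dc01.example.local'

foreach ($group in $Approved.Keys) {
    # -Recursive flattens nested groups, which is how an extra admin usually gets hidden.
    $members = Get-ADGroupMember -Identity $group -Recursive | Select-Object -ExpandProperty SamAccountName
    $extra   = $members | Where-Object { $_ -notin $Approved[$group] }
    $missing = $Approved[$group] | Where-Object { $_ -notin $members }
    if ($extra)   { Write-Warning "$group has unapproved member(s): $($extra -join ', ')" }
    if ($missing) { Write-Warning "$group is missing approved member(s): $($missing -join ', ')" }
    if (-not $extra -and -not $missing) { "$group matches the approved list" }
}

# Who changed membership in the last 7 days? 4728 = member added to a security-enabled
# global group (Domain Admins); 4756 = added to a universal group (Enterprise/Schema Admins).
Get-WinEvent -ComputerName $DC -FilterHashtable @{
    LogName = 'Security'; Id = 4728, 4756; StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
  ForEach-Object {
    $x = [xml]$_.ToXml()
    $d = @{}
    $x.Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time   = $_.TimeCreated
        Group  = $d.TargetUserName     # the group that gained a member
        Member = $d.MemberName         # distinguished name of the account added
        By     = $d.SubjectUserName    # who made the change
    }
  } | Format-Table -AutoSize
```

Schedule it daily and treat any warning as an incident until proven otherwise: a legitimate change will match a ticket, an attacker's will not. Querying each domain controller matters because the event is written only on the DC that processed the change.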

Monitor Local Admins

Users who are local administrators can, knowingly or unknowingly, make changes to their system that allow malware to take over the operating system; malware that runs with administrator rights can disable security software, dump saved credentials, and encrypt everything on the machine. Never add broad domain groups such as Domain Users to the local Administrators group: doing so makes every domain account an administrator on that machine and lets an attack spread freely from one compromised account. Remove regular user accounts from the local Administrators group, including your own. If you need administrator access, use a separate admin account and log in with it only when the task requires it.
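As an added example (not The IT Lab's script), this PowerShell lists the local Administrators group on a Windows host, warns about anything not on an approved list, calls out the Domain Users mistake explicitly, and removes the offenders only when you pass `-Remove`. Assumptions: it runs elevated on Windows 10/11 with the built-in LocalAccounts module, and the approved principal names are placeholders for your domain.

```powershell
# Added example: enforce an approved local Administrators membership. Run elevated.
# Assumption: $Approved lists your real domain groups (placeholders shown). Dry run by default.
param([switch]$Remove)

$Approved = @(
    "$env:COMPUTERNAME\Administrator",   # built-in account (keep it, but manage its password with LAPS)
    'EXAMPLE\Domain Admins',
    'EXAMPLE\Workstation Admins'         # the one group that should grant local admin to IT staff
)

$offenders = foreach ($m in Get-LocalGroupMember -Group 'Administrators') {
    $name = $m.Name                      # e.g. 'EXAMPLE\alice' or 'PC01\Administrator'
    if ($name -like '*\Domain Users') {
        Write-Warning "'$name' is a local admin: every domain account is an administrator on this host"
        $m
    }
    elseif ($name -notin $Approved) {
        Write-Warning "Unapproved local admin: $name ($($m.ObjectClass))"
        $m
    }
}

if (-not $offenders) { 'Local Administrators group matches the approved list'; return }

if ($Remove) {
    $offenders | ForEach-Object { Remove-LocalGroupMember -Group 'Administrators' -Member $_ }
    "Removed $(@($offenders).Count) member(s) from Administrators"
} else {
    "Re-run with -Remove to strip the $(@($offenders).Count) member(s) above"
}
```

Run the dry run across the estate first: the output tells you which users will lose admin rights and need a second account before you enforce it, which is a far better conversation to have in advance than after a removal breaks someone's workflow.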

Educate your users

Employees should be made aware of these steps and given time to understand why they matter. Staff are usually the target of the first step of an attack, so short, regular training on recognising phishing, reporting suspicious emails, and handling unexpected attachments strengthens every other control on this list. The good news is that it has never been easier to run training and phishing simulations tailored to your business.

Have documented IT Policies

Only 32 percent of small businesses have cybersecurity measures and formal policies in place (compared to 61 percent of large firms); just 19 percent of small businesses provide cyber security training for staff; and small businesses are less likely than large firms to seek guidance, information, or advice on cybersecurity concerns. Whether your business is big or small, IT security breaches aren't an 'if' but a 'when'. That means your business can no longer afford to be without a written policy, at the very least, and a plan for what happens on the day an incident occurs.


The IT Lab are small business experts, and we have developed a standardised cyber security strategy to mitigate exposure to ransomware. This is a multi-pronged approach that combines the guidance set out in this article with the deployment of best-of-breed security solutions such as Cisco Umbrella and Microsoft Defender for Business.

Furthermore, by adopting this guidance your small business will have addressed most of the criteria needed to get Cyber Essentials certified.