Ransomware is the nightmare scenario: you arrive at work to find every file encrypted and a demand for payment to get them back. For a small business, it can mean days of downtime, lost data and serious financial damage. The defence isn't a single product - it's layers.

What is ransomware?

Ransomware is malicious software that encrypts your files and demands a ransom (usually in cryptocurrency) for the key to unlock them. Modern attacks often also steal your data first, threatening to publish it unless you pay - so even good backups don't fully remove the pressure.

Most infections start with a phishing email or an unpatched, internet-facing system.

Why a layered approach?

No single control stops everything. The goal is defence in depth: if one layer fails, the next catches the attack. Here are the layers every SME should have.

Layer 1: Stop it getting in

  • Email filtering and staff awareness to block the most common entry point.
  • Patch management to close the vulnerabilities attackers exploit - see patch management explained.
  • Firewalls and secure configuration to reduce your attack surface.

Layer 2: Limit the damage

  • Multi-factor authentication (MFA) so stolen passwords don't unlock your systems.
  • Least-privilege access - staff (and especially admins) only have the access they need, so an infected account can't reach everything.
  • Endpoint protection that detects and isolates suspicious behaviour.

Layer 3: Recover no matter what

This is the layer that saves businesses. If you can restore clean data quickly, ransomware becomes an inconvenience rather than a catastrophe.
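Layer 3 only works if the backups you rely on have actually been proved to restore (the FAQ below calls for offline or immutable copies, and for a tested recovery plan). As an added example that is not part of the original article, the POSIX shell script below backs up a directory into a tar archive, records a SHA-256 manifest of the source files, then restores the archive into a scratch directory and checks every restored file against that manifest. It also shows the same check rejecting an archive from which a file has gone missing. All paths and sample files are constructed for the demo; it assumes GNU coreutils (`sha256sum`, `mktemp`) and `tar` are available.

```shell
#!/bin/sh
# Added example (not from the article): back up a directory, record a SHA-256
# manifest, and prove the backup restores cleanly before you ever need it.
set -eu

# make_backup SRC_DIR ARCHIVE MANIFEST
# Writes a tarball of SRC_DIR and a sorted sha256 manifest of its files,
# with paths relative to SRC_DIR so the manifest can be checked after a restore.
make_backup() {
  src="$1"; archive="$2"; manifest="$3"
  ( cd "$src" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) > "$manifest"
  tar -C "$src" -cf "$archive" .
}

# verify_backup ARCHIVE MANIFEST
# Restores ARCHIVE into a fresh scratch directory and checks every file
# against MANIFEST. Returns 0 if all files match, 1 if any is missing or differs.
verify_backup() {
  archive="$1"
  # sha256sum -c runs inside the scratch dir, so the manifest path must be absolute.
  manifest="$(cd "$(dirname "$2")" && pwd)/$(basename "$2")"
  scratch=$(mktemp -d)
  rc=1
  if tar -C "$scratch" -xf "$archive" 2>/dev/null \
     && ( cd "$scratch" && sha256sum -c --quiet "$manifest" ) >/dev/null 2>&1; then
    rc=0
  fi
  rm -rf "$scratch"
  return $rc
}

# --- Demo on constructed data: a tiny "finance" share with two files. ---
demo_root=$(mktemp -d)
mkdir -p "$demo_root/share/invoices"
printf 'INV-0001,1200.00\n' > "$demo_root/share/invoices/2024-01.csv"
printf 'Quarterly notes\n'  > "$demo_root/share/notes.txt"

make_backup "$demo_root/share" "$demo_root/share.tar" "$demo_root/share.sha256"
if verify_backup "$demo_root/share.tar" "$demo_root/share.sha256"; then
  echo "restore test passed: backup matches manifest"
else
  echo "restore test FAILED: do not rely on this backup"
fi

# Simulate a damaged backup: an archive taken after one file was lost.
rm "$demo_root/share/notes.txt"
tar -C "$demo_root/share" -cf "$demo_root/damaged.tar" .
if verify_backup "$demo_root/damaged.tar" "$demo_root/share.sha256"; then
  echo "unexpected: damaged backup passed verification"
else
  echo "damaged backup correctly rejected"
fi
rm -rf "$demo_root"
```

Run `verify_backup` on a schedule against the real backup media, not just once after setup: a restore test that fails is the signal to fix the backup while it is still an inconvenience. Keep the archive and its manifest on storage the production network cannot overwrite, which is what "offline or immutable" means in practice; a backup that ransomware can reach is not a recovery layer.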

Should you ever pay?

The official advice (and ours) is no. Paying funds criminal activity, marks you as a target, and offers no guarantee you'll get your data back. Investing that money in prevention and recovery is always the better choice.

The bottom line

Ransomware protection isn't about buying one magic tool - it's about layering sensible controls so an attack is unlikely to succeed and survivable if it does. The businesses that recover fastest are the ones that prepared. Want a ransomware-readiness review? Request a callback or see our IT support service.

Frequently asked questions

How can a small business protect against ransomware?

Keep offline or immutable backups, patch promptly, enforce multi-factor authentication, use strong endpoint protection and train staff to spot phishing, which is the most common entry point.

Should we pay a ransomware demand?

Authorities advise against paying, as it funds crime and offers no guarantee of recovery. Reliable, tested backups are the safest way to recover without paying.

How quickly can we recover from ransomware?

With good backups and a tested recovery plan, many businesses recover within hours to a day. Without them, recovery can take weeks or may not be possible at all.