Following a year of intensifying cyberattacks on small businesses and government agencies, experts across a number of sectors got together to figure out strategies for defending against such attacks. The trend of targeting smaller businesses (which are likely to have fewer resources to defend themselves) continued into 2021 with companies of 500 employers or fewer accounting for 70% of all attacks. With these businesses held at a standstill and millions of dollars changing hands to unlock systems and return documents, something had to be done.

A Ransomware Task Force of experts developed a Ransomware Blueprint which provides specific actions businesses can use to defense themselves and keep their businesses up and running. Recommendations include:

1. Know your network. Keep a registry of software, hardware, and data you’ve saved to the cloud. Pay particular attention to sensitive data including customer personal data and financials.
2. Restrict permissions. The more people with access, the more opportunities for security lapses, so restrict admin permissions to your network to a limited few.
3. Train train train. Make online security a priority and a team responsibility. Provide regular training to remind employees of how they can (and must) support network security in the workplace.
4. Update your anti-malware software. Most ransomware attacks start with malicious email attachments or web browsers, so make sure your anti-malware software is patched and up to date.
5. Implement multifactor authentication. Even though it’s tedious for the user, setting up multifactor authentication is critical to verifying your employees’ identity and stopping attacks.
6. Back up your data. In the event that an attacker gets in, they can’t hold your content for ransom if you have copies elsewhere. So, regularly back up your data, encrypt that data, and store it somewhere other than on the cloud.

One final piece of advice from the Ransomware Taskforce is to consider a cyber insurance policy. Diligent cyber attackers may still get in—despite your best efforts—and the costs to unlock files, manage downtime, hire incident response pros, and repair any damage will escalate quickly. Insurance may not be able to get back all your data, but it can help mitigate the costs of the attack.