Ransomware Protection for SMBs
Ransomware does not skip small businesses because they are small. Here is a layered, affordable defence that fits a real SME budget.
Small businesses are targets, not bystanders
There is a comforting myth that ransomware is a big-company problem. The reality is the opposite. Attackers run automated campaigns that do not care how large you are, and smaller organisations are often easier to compromise because they have fewer defences and rely on the same shared tooling. Recovery is brutal: lost data, days of downtime, and a ransom decision no one wants to face. The encouraging part is that effective protection is layered and affordable, and most of it is configuration rather than expensive product.
Backups are your real insurance
If you remember one thing, remember this: good backups are what turn a catastrophe into an inconvenience. But not just any backups. Modern ransomware deliberately seeks out and encrypts backups too, so they must be designed to survive an attack. The widely used guideline is three copies of your data, on two different types of media, with one kept off-site and, critically, offline or immutable so attackers cannot reach it.
Test your restores. A backup you have never restored from is a hope, not a plan. Run a recovery drill periodically and time how long a full restore actually takes, because that number is your worst-case downtime.
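One way to make a restore drill repeatable, as an added example rather than code from BSH or from any backup product: record a SHA-256 manifest of the data when the backup is taken, then time the restore and check every file against the manifest so a silently damaged backup is caught before the real emergency. The plain directory copy standing in for the restore job and the sample files are constructed assumptions.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path

def build_manifest(root):
    """Map each file's relative path to its SHA-256, captured at backup time."""
    manifest = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            manifest[str(p.relative_to(root))] = hashlib.sha256(p.read_bytes()).hexdigest()
    return manifest

def verify_restore(restored_root, manifest):
    """Compare a restored tree against the manifest; return (missing, corrupt) paths."""
    missing, corrupt = [], []
    for rel, digest in manifest.items():
        p = Path(restored_root) / rel
        if not p.is_file():
            missing.append(rel)
        elif hashlib.sha256(p.read_bytes()).hexdigest() != digest:
            corrupt.append(rel)
    return missing, corrupt

def restore_drill(backup_root, restore_root, manifest):
    """Time a full restore (a plain copy stands in for the real restore job here)
    and verify it. Returns (seconds, missing, corrupt); seconds is your measured RTO."""
    start = time.monotonic()
    shutil.copytree(backup_root, restore_root, dirs_exist_ok=True)
    seconds = time.monotonic() - start
    missing, corrupt = verify_restore(restore_root, manifest)
    return seconds, missing, corrupt

def run_demo():
    """Constructed drill: back up a few files, then simulate one damaged backup file
    and confirm the verification step reports it."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "live"); src.mkdir()
        (src / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "docs").mkdir()
        (src / "docs" / "contract.txt").write_text("terms")
        manifest = build_manifest(src)            # taken at backup time, stored separately
        backup = Path(tmp, "backup"); shutil.copytree(src, backup)
        good = restore_drill(backup, Path(tmp, "restore_ok"), manifest)
        (backup / "ledger.csv").write_text("id,amount\n1,999\n")   # simulated corruption
        bad = restore_drill(backup, Path(tmp, "restore_bad"), manifest)
        return good[1:], bad[1:]

if __name__ == "__main__":
    print(run_demo())
```

Keep the manifest with the offline or immutable copy, not only on the live system, so an attacker who reaches the backups cannot rewrite the check alongside the data.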
Close the doors attackers walk through
Ransomware usually arrives through a small number of well-worn routes: phishing emails, exposed remote desktop, and unpatched software. Closing these reduces your exposure dramatically.
- Never expose Remote Desktop Protocol directly to the internet. Put it behind a VPN or zero-trust access, or remove it entirely.
- Patch operating systems and key applications promptly. Many attacks exploit vulnerabilities that were fixed months earlier.
- Enforce multi-factor authentication everywhere, so a stolen password alone is not enough to get in.
These are not glamorous, but they block the majority of opportunistic attacks before they begin.
Detect early and limit the blast radius
Prevention is never perfect, so you also need to catch an intrusion before it spreads and to contain it when it does. Endpoint detection and response tools watch for the behaviours ransomware exhibits, such as rapid mass file encryption, and can isolate an affected machine automatically. Network segmentation matters too. If your finance systems, your general office network, and your servers are separated, an infection in one area cannot trivially reach the others.
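To make the "rapid mass file encryption" behaviour concrete, here is a small detector run over constructed endpoint file-activity events. It is an added example, not BSH's code or any EDR product's logic; the event format, the process names, and the window and threshold values are assumptions (a real rule would use far higher thresholds).

```python
from collections import defaultdict, deque

# Constructed sample events, one per line: "<epoch seconds> <process> <op> <path>".
SAMPLE_EVENTS = """\
1700000000 winword.exe WRITE C:/Users/amy/Documents/q3-report.docx
1700000003 winword.exe WRITE C:/Users/amy/Documents/q3-report.docx
1700000010 explorer.exe RENAME C:/Users/amy/Desktop/old.txt
1700000020 updater.exe WRITE C:/Share/finance/invoice-001.xlsx.locked
1700000020 updater.exe WRITE C:/Share/finance/invoice-002.xlsx.locked
1700000021 updater.exe WRITE C:/Share/finance/invoice-003.xlsx.locked
1700000021 updater.exe WRITE C:/Share/finance/budget.xlsx.locked
1700000022 updater.exe WRITE C:/Share/finance/payroll.xlsx.locked
1700000022 updater.exe WRITE C:/Share/finance/README.txt
1700000023 updater.exe WRITE C:/Share/hr/contracts.docx.locked
1700000090 backup.exe WRITE D:/Backups/nightly.bak
"""

def parse_events(text):
    """Yield (timestamp, process, op, path); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) == 4 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2], parts[3]

def detect_mass_encryption(text, window=10, threshold=5):
    """Return {process: (timestamp, distinct_files)} for the first moment each process
    modified at least `threshold` distinct files within `window` seconds.
    Only WRITE and RENAME count; reads are ignored so ordinary browsing is not flagged."""
    recent = defaultdict(deque)   # process -> (timestamp, path) events inside the window
    alerts = {}
    for ts, proc, op, path in parse_events(text):
        if op not in ("WRITE", "RENAME"):
            continue
        q = recent[proc]
        q.append((ts, path))
        while q and ts - q[0][0] > window:   # slide the window forward
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= threshold and proc not in alerts:
            alerts[proc] = (ts, len(distinct))   # this is the moment to isolate the host
    return alerts

if __name__ == "__main__":
    for proc, (ts, n) in detect_mass_encryption(SAMPLE_EVENTS).items():
        print(f"ALERT {proc}: {n} distinct files modified within 10s at t={ts}")
```

A legitimate backup or indexing agent also touches many files quickly, which is why production rules allow-list known processes and add signals such as extension changes or unreadable file contents before isolating a machine.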
Limiting user permissions helps here as well. Most staff do not need administrator rights on their machines, and removing them stops a lot of malware from gaining the foothold it needs.
Your people are part of the defence
The first click in most ransomware incidents is a person opening something they should not have. Regular, practical security awareness training, including simulated phishing, measurably reduces that risk. The aim is not to shame anyone but to build an instinct to pause on unexpected attachments and to make reporting a suspicious email easy and blame-free. A team that reports quickly gives you precious time to respond.
Decide your response before you need it
If the worst happens, you do not want to be making decisions from scratch. Know in advance who you call, how you isolate affected systems, and that paying a ransom is no guarantee of getting data back. A short, rehearsed plan keeps a bad day from becoming a disaster.
Understand what cyber insurance does and does not cover
Cyber insurance has become a common part of the response, but it is widely misunderstood. A policy can help with the costs of recovery, legal advice, and notification, and insurers often provide access to incident-response specialists who have seen these attacks before. What insurance does not do is prevent the attack or absolve you of doing the basics. In fact, the trend has run the other way: insurers increasingly require evidence of controls like multi-factor authentication, tested backups, and endpoint detection before they will offer cover at a sensible price.
Read the policy carefully, because exclusions matter. Some policies will not pay out if you cannot demonstrate that agreed controls were in place, which turns the application questionnaire into a useful security checklist in its own right. Treat insurance as a backstop for residual risk, not a substitute for defending yourself.
Practise the recovery, not just the defence
Most ransomware preparation focuses on keeping attackers out, which is right, but the organisations that come through an incident well are the ones that have rehearsed getting back up. Walk through a full recovery on paper, and ideally in practice: which systems come back first, who restores them, where the clean backups are, and how you confirm the environment is genuinely free of the attacker before you reconnect it. The order matters, because restoring infected systems or reconnecting too early simply reinfects everything you have rebuilt. Knowing your real recovery time, measured rather than guessed, lets you set honest expectations and decide where to invest in faster recovery.
How BSH can help
BSH Technologies builds layered ransomware defences sized for SMEs, from immutable backups and tested recovery to endpoint detection, segmentation, and staff training. If you are not confident you could recover from an attack tomorrow, we can help you close the gaps before they are tested for you.