Ransomware coverage tends to focus on large breaches, but the businesses hit hardest are usually small ones — the thirty-person company with no dedicated security staff, a flat network, and backups nobody has tested in a year. The good news is that ransomware readiness at this size is not about expensive tooling. It is about three unglamorous fundamentals done properly: backups you can actually restore from, a network that does not let one infection reach everything, and a team that has practiced what to do. Here is how a small shop builds each one.
Backups: the part that decides everything
When ransomware encrypts your files, your recovery is only as good as your backups. The standard worth aiming for is "3-2-1": three copies of your data, on two different types of media, with one copy kept offline or otherwise out of reach of the network. The offline part is the piece small businesses miss. Modern ransomware actively hunts for connected backups and encrypts those too, so a backup drive that is always plugged in offers a false sense of safety. An immutable or air-gapped copy — one that cannot be altered or deleted for a set retention window — is what lets you say no to a ransom demand.
And a backup you have never restored is a hypothesis, not a safety net. Schedule a test restore at least quarterly. The first time most teams try, they discover the backup was missing a critical database, or that a full restore takes far longer than the business can afford to be down. Better to learn that on a calm Tuesday than during an incident.
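The restore test described above can be made mechanical. The following Python script is an added example, not part of the original article: it records a SHA-256 manifest of the live data when the backup is taken and then diffs a test-restored tree against that manifest, which is how a missing database or a truncated file gets caught on a calm Tuesday. All file names and contents in the demo are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict[str, str]:
    """SHA-256 every file under root, keyed by relative path; record this at backup time."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def verify_restore(manifest: dict[str, str], restored: Path) -> dict[str, list[str]]:
    """Diff a test-restored tree against the backup-time manifest; all three lists must be empty."""
    found = build_manifest(restored)
    return {
        "missing": sorted(set(manifest) - set(found)),
        "altered": sorted(p for p in manifest.keys() & found.keys() if manifest[p] != found[p]),
        "unexpected": sorted(set(found) - set(manifest)),
    }

def write_tree(root: Path, files: dict[str, bytes]) -> None:
    """Helper: materialise a {relpath: bytes} map as files under root."""
    for rel, data in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)

def demo() -> dict[str, list[str]]:
    """Constructed scenario: the restore dropped the finance database and truncated a contract."""
    live = {  # constructed sample data standing in for the company file server
        "docs/contract.pdf": b"%PDF-1.4 constructed sample contract",
        "finance/ledger.db": b"SQLite format 3\x00 constructed ledger",
        "hr/payroll.xlsx": b"PK\x03\x04 constructed spreadsheet",
    }
    restored = dict(live)
    del restored["finance/ledger.db"]                              # never made it into the backup
    restored["docs/contract.pdf"] = live["docs/contract.pdf"][:8]  # truncated during restore
    with tempfile.TemporaryDirectory() as tmp:
        live_dir, restored_dir = Path(tmp, "live"), Path(tmp, "restored")
        write_tree(live_dir, live)
        write_tree(restored_dir, restored)
        manifest = build_manifest(live_dir)           # taken alongside the backup
        return verify_restore(manifest, restored_dir)  # run after the quarterly test restore

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths or 'none'}")
```

Store the manifest with the offline copy rather than on the file server, otherwise the same ransomware that encrypts the data can also destroy the record you would verify against.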
Segmentation: stop one machine from becoming all of them
On a flat network, every device can talk to every other device, which is exactly how ransomware spreads from a single clicked attachment to the whole company in minutes. Segmentation breaks the network into zones — separating, say, the point-of-sale systems, the back-office machines, the servers, and the guest Wi-Fi — so that an infection in one zone cannot freely reach the others. For a small business this does not require a redesign; even basic VLAN separation and tightened firewall rules between segments dramatically shrink the blast radius. Pair it with the principle of least privilege on file shares so a compromised user account cannot encrypt data it never needed to touch.
Drills: the plan you have not rehearsed will not hold
An incident-response plan that lives in a document nobody has read fails under pressure. Run a tabletop exercise once or twice a year: gather the handful of people who would be involved and walk through a realistic scenario out loud. Who disconnects the affected machines? Who has the backup admin credentials, and are they stored somewhere that is not also encrypted? Who calls the insurer, and who talks to staff and customers? These exercises routinely surface gaps — a single person who is the only one who knows the recovery process, a contact list that is itself on the file server — that are cheap to fix beforehand and ruinous to discover during an attack.
Putting it together
None of these three require enterprise budgets, but they do require someone to own them and keep them current. A small business without in-house IT often gets there fastest with a managed services partner — a provider like Dytech Group can set up immutable backups, segment the network, and run the periodic restore tests and tabletop drills so readiness does not quietly lapse. Backups, segmentation, drills: get those three right and a ransomware infection becomes a bad day instead of an extinction event.