TheNetworkGuy209 logo
Cybersecurity

Ransomware Protection for Small Businesses: A 2026 Playbook

A practical, non-hype guide to stopping ransomware before it encrypts your files — controls, backup strategy, and what to do in the first 60 minutes of an attack.

The Network Guy 209
8 min read
July 12, 2026
Share

Ransomware is now a small-business problem

Most 2025–2026 ransomware victims are companies with 10–200 employees, not Fortune 500s. Attackers automate everything and go after weak MFA, unpatched VPNs, and exposed RDP.

The 7 controls that stop 95% of attacks

  1. MFA on everything — email, VPN, remote desktop, admin accounts. No exceptions.
  2. EDR (endpoint detection & response), not just antivirus.
  3. Patch within 14 days — OS, browsers, VPN appliances, firewall firmware.
  4. DNS filtering to block malicious domains before payloads download.
  5. Immutable backups — 3-2-1 rule, at least one copy cloud-based and immutable.
  6. Least-privilege — no daily use of local admin accounts.
  7. Security awareness training — quarterly phishing simulations.

The first 60 minutes of a ransomware event

  • Isolate infected devices from the network (unplug or Wi-Fi off).
  • Do NOT power off — memory holds forensic evidence and possible decryption keys.
  • Call your MSP and cyber-insurance broker immediately.
  • Preserve logs on firewalls, EDR, M365 and Google Workspace.
  • Do not pay without legal + insurance guidance — payments often violate OFAC rules.

Backup strategy that actually restores

A backup is only useful if you've tested restoring it in the last 90 days. We recommend:

  • Daily image-based server backups
  • Cloud replication with immutability (Wasabi, S3 Object Lock, Azure)
  • Monthly test restores of critical systems

Get a free ransomware readiness scan

The Network Guy 209 runs a free 12-point ransomware readiness scan for California businesses. Book yours today.

Frequently Asked Questions

What is the #1 way ransomware gets in?

Compromised credentials — usually a phished password on an account without MFA, or a stolen VPN login. MFA everywhere blocks the vast majority of these attacks.

Should we pay the ransom?

Not without legal counsel and your cyber-insurance broker. Payments can violate OFAC sanctions and only ~60% of payers get usable decryption keys.

How often should we test our backups?

Run a full test restore of critical systems at least quarterly, and spot-check individual file restores monthly.

Free IT Assessment

Need reliable IT support for your business?

The Network Guy 209 provides Managed IT Services, Cybersecurity, Cloud Solutions, Microsoft 365, Network Installation, Server Management, Data Backup, Disaster Recovery, and Website Development for businesses throughout Manteca, Stockton, Tracy, Lathrop, Ripon, Modesto, Lodi, Sacramento, the Bay Area, and across California.

TN9
Written by
The Network Guy 209

Managed IT & cybersecurity experts serving Manteca, Stockton, Modesto, Tracy and the Central Valley.

Related Articles

Get more IT insights like this

Monthly tips on cybersecurity, Microsoft 365, and small-business IT — written for Central Valley owners.