Prepare your front line of defense: Our survey respondents revealed that phishing, a lack of cyber security training and weak passwords are the top three causes of successful ransomware attacks. Too often, employees aren’t familiar with the signs of ransomware and therefore make their companies vulnerable to attacks. To mitigate the risk, it’s imperative to provide regular and mandatory cyber security training to ensure all employees can spot and avoid a potential phishing scam in their inbox, a leading entry point for ransomware.

Have a continuity strategy: There’s no sure way of preventing ransomware, although antivirus, perimeter protection, and patch management are essential. Datto’s survey revealed that Business Continuity and Disaster Recovery (BCDR) is ranked as the No. 1 solution for combating ransomware, with 92% of respondents stating that clients with BCDR products in place are less likely to experience significant downtime after a ransomware attack. A solid, fast and reliable BCDR solution should be one part of the strategy to maintain operations despite a ransomware attack. Since ransomware can easily spread across networks and SaaS applications, endpoint and SaaS backup solutions designed for fast restores are also critical.

Leverage multiple solutions to prepare for the worst: Today’s standard security solutions are no match for ransomware which can penetrate organizations in multiple ways. Reducing the risk of infections requires a multilayered approach rather than a single product. These layered approaches can include BCDR, employee training, patch management, unified threat management, antivirus/anti-malware software, and more.

Have a dedicated cybersecurity professional to ensure business continuity: SMBs often rely on a “computer savvy” staff member to handle their IT support and not an IT expert. Our survey reveals that downtime costs are up by 200% year-over-year, and the cost of downtime is 23x greater than the average ransom, so it is well worth the investment to hire an individual who is focused on keeping your business and your customers safe. If a company cannot afford a complete IT staff for 24/7 cyber security monitoring, they should be leveraging a managed service provider (MSP) that has the time and resources to anticipate and protect a company from the latest cybersecurity threats.