This is a simple way to protect your company against ransomware attacks. Ransomware is not new, but it has become a new focus of internet security in the last 2 years because of the massive scale of the attacks.
Before you invest tens of thousands of dollars in a cyber security solution, I advise you to perform some simple steps which reduce the risk of infection by more than 85%. These simple steps do not cost any money, and you already have the resources in your company to implement them.
The first step is a reactive step, and I think you have already applied it completely or partially. This first step is to have a backup of all your important data, and I think most companies already have this. But having a backup is not enough. You must be sure that the backup can be restored correctly and that after the restore all the important applications work well. This restore test is usually not performed periodically in companies, and companies do not have a clear calendar for it. I advise you to restore the backup periodically and to be sure that all the restored data works well.
I do not talk here about keeping all systems up to date and having an antivirus solution (I recommend Bitdefender, which is a good Romanian-made solution; they are currently building Bitdefender Box, a router with a built-in security solution which can protect all your connected devices).
The other step that I advise you to perform is a proactive step. This step consists of a training process for all your employees, and the training must focus on not opening emails that look suspicious. You must teach your employees how to distinguish a suspicious email from a legitimate one. You must teach them to look at the email address, not only at the name of the person who sent the email. If the email address has a suspicious domain, they must forward that email to the IT department and never, never click on links or open attachments. This training process is very simple if the IT department makes a video, shares it with all your employees and then checks which employees have not watched it. Statistics tell us that more and more of these infections depend on a user action. If you train your employees, you reduce the risk of infection by 85%.
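The sender check described above can also be run by the IT department on the emails that employees forward. The following is an added example, not part of the original post; the trusted domain, the staff names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed values): the domains this company really sends
# from, and display names an impostor is likely to borrow.
TRUSTED_DOMAINS = {"example.com"}
STAFF_NAMES = {"maria ionescu", "it helpdesk"}

def domain_of(header_value):
    """Return (display name, lower-cased domain) from an address header."""
    display, address = parseaddr(header_value or "")
    return display.strip(), address.rpartition("@")[2].lower()

def sender_findings(raw_message):
    """List the reasons a message's sender should be treated as suspicious."""
    msg = message_from_string(raw_message)
    display, domain = domain_of(msg.get("From"))
    if not domain:
        return ["From header has no parsable address"]
    findings = []
    if domain not in TRUSTED_DOMAINS:
        # Familiar name, unfamiliar address: the case the training targets.
        if display.lower() in STAFF_NAMES:
            findings.append(f"staff name '{display}' on outside domain {domain}")
        # Company domain used as a prefix or label of another domain.
        if any(t in domain for t in TRUSTED_DOMAINS):
            findings.append(f"{domain} imitates a company domain")
    # Replies silently routed to a different domain than the visible sender.
    _, reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != domain:
        findings.append(f"Reply-To goes to {reply_domain}, not {domain}")
    return findings

# Constructed sample messages (reserved test domains, not real traffic).
LEGITIMATE = "From: Maria Ionescu <maria.ionescu@example.com>\nSubject: Minutes\n\nHi"
BORROWED_NAME = "From: Maria Ionescu <maria.ionescu@example-payroll.test>\nSubject: Invoice\n\nHi"
LOOKALIKE = ('From: "IT Helpdesk" <helpdesk@example.com.login.test>\n'
             "Reply-To: billing@mailbox.invalid\nSubject: Password\n\nHi")

if __name__ == "__main__":
    for name, raw in [("legitimate", LEGITIMATE), ("borrowed name", BORROWED_NAME),
                      ("lookalike", LOOKALIKE)]:
        print(name, "->", sender_findings(raw) or "no findings")
```

A message with no findings is not proven safe; the check only automates the "look at the address, not the name" habit that the training teaches.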
But you must not stop at this step. From time to time, your IT department must send fake emails to all your employees to see how many of them click on the email link and open the attachments. Those people must be trained again, and this whole process must be repeated every few months.
After you implement this in your company, you can then consider investing tens of thousands of dollars in a cyber security solution which will cover the remaining 15% of the risk. If you do not train your people, any cyber security solution that you buy to protect against infection will not work for long. The weak link in this security chain is your people, and if you have poorly trained people you have a big security gap, and no solution can protect against this gap.