08/05/2026
How ransomware attacks happen
• Phishing emails with malicious attachments or links
• Fake software downloads or cracked software
• Exploiting unpatched software vulnerabilities
• Weak passwords or exposed remote access (RDP)
• Infected websites or USB drives
✅ DO’s
Security & Access Control
• Use Multi-Factor Authentication (MFA) for all critical systems
• Enforce strong password policies
• Disable unused accounts and services
• Apply least privilege: grant users only the access their role requires
• Separate admin accounts from normal user accounts
Patch & Update Management
• Keep operating systems, servers, firewalls, and applications updated
• Apply security patches regularly
• Remove unsupported or end-of-life software
Backup & Recovery
• Maintain regular backups
• Keep at least one offline/immutable backup
• Test backup restoration periodically
• Store backups separately from the production network
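A backup only counts if it can be read back intact, so the restoration test above should compare the restored data against a manifest taken at backup time. The script below is an added example (not part of the original checklist): it hashes every file under a source tree, simulates a backup and restore, verifies the restored copy, then shows what the check reports when a restored file has been altered or is missing. All files are constructed in a temporary directory, so it runs anywhere PowerShell does; `$Source` and `$Restored` are placeholder paths to point at a real dataset and restore location.

```powershell
# Added example, not part of the original checklist: a restore test that
# proves a backup can be read back and matches what was backed up.
# Runs against CONSTRUCTED files in a temp directory, so it is safe anywhere;
# point $Source and $Restored at real paths for the periodic test.

function Get-HashManifest {
    # Relative path -> SHA-256 for every file under $Root.
    param([string]$Root)
    $manifest = @{}
    $rootFull = (Resolve-Path $Root).Path
    Get-ChildItem -Path $Root -File -Recurse | ForEach-Object {
        $rel = $_.FullName.Substring($rootFull.Length).TrimStart('\', '/')
        $manifest[$rel] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
    $manifest
}

function Test-Restore {
    # Compares a restored copy against the manifest taken at backup time.
    # Emits one row per problem; no output means the restore is good.
    param([hashtable]$Expected, [string]$Restored)
    $actual = Get-HashManifest $Restored
    foreach ($rel in $Expected.Keys) {
        if (-not $actual.ContainsKey($rel)) {
            [pscustomobject]@{ File = $rel; Problem = 'missing after restore' }
        } elseif ($actual[$rel] -ne $Expected[$rel]) {
            [pscustomobject]@{ File = $rel; Problem = 'hash mismatch (corrupted or encrypted)' }
        }
    }
    foreach ($rel in $actual.Keys) {
        if (-not $Expected.ContainsKey($rel)) {
            [pscustomobject]@{ File = $rel; Problem = 'unexpected extra file' }
        }
    }
}

# --- Constructed demo data (placeholder paths, not a real backup set) ---
$work     = Join-Path ([IO.Path]::GetTempPath()) ("restore-test-" + [guid]::NewGuid())
$Source   = Join-Path $work 'source'
$Restored = Join-Path $work 'restored'
New-Item -ItemType Directory -Path (Join-Path $Source 'finance') -Force | Out-Null
Set-Content -Path (Join-Path $Source 'finance/q1.csv') -Value "date,amount`n2026-01-15,1200"
Set-Content -Path (Join-Path $Source 'notes.txt') -Value 'quarterly review'

# 1. Take the manifest at backup time and keep it with the offline copy.
$manifest = Get-HashManifest $Source

# 2. Simulate backup + restore (a plain copy stands in for the backup tool).
Copy-Item -Path $Source -Destination $Restored -Recurse

# 3. Verify the clean restore: zero problems means every file came back intact.
$clean = @(Test-Restore -Expected $manifest -Restored $Restored)
"Clean restore problems: $($clean.Count)"

# 4. Simulate a restore touched by ransomware and re-run the same check.
Set-Content -Path (Join-Path $Restored 'notes.txt') -Value 'ENCRYPTED'
Remove-Item (Join-Path $Restored 'finance/q1.csv')
Test-Restore -Expected $manifest -Restored $Restored | Format-Table -AutoSize

Remove-Item $work -Recurse -Force
```

The manifest is the important artefact: store it alongside the offline or immutable copy, never only on the production share, because an attacker who can encrypt the backups can also rewrite a manifest kept next to them.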
Network Security
• Segment networks (servers, CCTV, VMS, user PCs, OT systems)
• Restrict RDP and remote access
• Use VPN with MFA for remote connectivity
• Block unnecessary ports and services
• Monitor east-west traffic within the network
Endpoint & Server Protection
• Install and maintain EDR/antivirus solutions
• Enable ransomware protection features
• Restrict execution of unknown applications
• Use application whitelisting where possible
Email & User Awareness
• Train users to identify phishing emails
• Block suspicious attachments and macros
• Use email filtering and sandboxing
• Conduct regular security awareness training
Monitoring & Incident Response
• Enable centralized logging and SIEM monitoring
• Monitor unusual login attempts and file encryption activity
• Prepare and test an incident response plan
• Maintain emergency contact and escalation procedures
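Two of the signals the monitoring item calls for, a burst of failed logons from one source and one process renaming many files to a new extension, can be expressed as simple detection logic. The script below is an added example (not part of the original checklist) that runs both detections over constructed sample events, so it works offline; in a real deployment the same objects would be built from Get-WinEvent on the Security log (Event ID 4625) and from your EDR's file telemetry. The thresholds, hostnames, paths and IP addresses are made up for illustration.

```powershell
# Added example, not part of the original checklist: two ransomware indicators
# (failed-logon bursts and mass file renames) run over CONSTRUCTED sample
# events so the script runs offline without a live event log.
# Production input: Get-WinEvent (Security log, ID 4625) and EDR file telemetry.

# --- Constructed sample data (not real telemetry) ---
$base = Get-Date '2026-05-08T02:14:00'
$logonEvents = @()
# Eight failed logons in 90 seconds from one address against four accounts
foreach ($i in 0..7) {
    $logonEvents += [pscustomobject]@{
        Time   = $base.AddSeconds($i * 12)
        Id     = 4625                      # Windows: an account failed to log on
        User   = @('administrator', 'admin', 'backup', 'svc_vms')[$i % 4]
        Source = '203.0.113.7'             # RFC 5737 documentation address
    }
}
# One ordinary failure from a workstation (a real user's typo) -> must not alert
$logonEvents += [pscustomobject]@{ Time = $base.AddMinutes(3); Id = 4625; User = 'jsmith'; Source = '10.10.20.15' }

$fileEvents = @()
# One process renames 25 documents to a new extension within a minute
foreach ($i in 1..25) {
    $fileEvents += [pscustomobject]@{
        Time    = $base.AddSeconds($i * 2)
        Process = 'C:\Users\Public\updater.exe'
        OldPath = "\\fileserver\finance\report_$i.xlsx"
        NewPath = "\\fileserver\finance\report_$i.xlsx.locked"
    }
}
# Normal activity: Excel saving a few files via temp names -> must not alert
foreach ($i in 1..3) {
    $fileEvents += [pscustomobject]@{
        Time    = $base.AddSeconds($i * 20)
        Process = 'C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE'
        OldPath = "\\fileserver\finance\~tmp$i.tmp"
        NewPath = "\\fileserver\finance\budget_v$i.xlsx"
    }
}

function Find-LogonBursts {
    # Flags a source with >= Threshold failed logons inside a sliding window of WindowMinutes.
    param([object[]]$Events, [int]$Threshold = 5, [int]$WindowMinutes = 5)

    $Events | Where-Object Id -eq 4625 | Group-Object Source | ForEach-Object {
        $sorted = @($_.Group | Sort-Object Time)
        $window = [System.Collections.Generic.Queue[datetime]]::new()
        foreach ($e in $sorted) {
            $window.Enqueue($e.Time)
            # Drop timestamps that have fallen out of the sliding window
            while (($e.Time - $window.Peek()).TotalMinutes -gt $WindowMinutes) { $null = $window.Dequeue() }
            if ($window.Count -ge $Threshold) {
                [pscustomobject]@{
                    Indicator     = 'FailedLogonBurst'
                    Source        = $_.Name
                    Failures      = $window.Count
                    DistinctUsers = @($sorted.User | Select-Object -Unique).Count
                    Until         = $e.Time
                }
                break   # one alert per source is enough
            }
        }
    }
}

function Find-MassRenames {
    # Flags a process that renames >= Threshold files to the same new extension within WindowSeconds.
    param([object[]]$Events, [int]$Threshold = 20, [int]$WindowSeconds = 60)

    $Events |
        Where-Object { $_.OldPath -and $_.NewPath -and
                       [IO.Path]::GetExtension($_.OldPath) -ne [IO.Path]::GetExtension($_.NewPath) } |
        Group-Object { $_.Process + '|' + [IO.Path]::GetExtension($_.NewPath) } |
        ForEach-Object {
            $sorted = @($_.Group | Sort-Object Time)
            $first, $last = $sorted[0].Time, $sorted[-1].Time
            if ($sorted.Count -ge $Threshold -and ($last - $first).TotalSeconds -le $WindowSeconds) {
                [pscustomobject]@{
                    Indicator    = 'MassRename'
                    Process      = $sorted[0].Process
                    NewExtension = [IO.Path]::GetExtension($sorted[0].NewPath)
                    Files        = $sorted.Count
                    Seconds      = [int]($last - $first).TotalSeconds
                }
            }
        }
}

Find-LogonBursts -Events $logonEvents | Format-Table -AutoSize
Find-MassRenames -Events $fileEvents  | Format-Table -AutoSize
```

With the sample data, the first function reports 203.0.113.7 (five failures inside the window, four distinct accounts) and stays silent on the single workstation failure; the second reports updater.exe renaming 25 files to .locked and ignores Excel's three saves. The mass-rename rule is the one worth feeding into an automated isolation action, since by the time it fires encryption is already under way.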
Infrastructure Hardening
• Disable SMBv1 and insecure protocols
• Change default passwords on all devices
• Harden firewalls, NAS, VMS, and CCTV systems
• Secure Active Directory and domain controllers
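Several of the DO's above (disabling unused accounts and separating admin accounts, restricting RDP, application whitelisting and ransomware protection, blocking macros, disabling SMBv1 and changing defaults) correspond to concrete Windows settings that can be audited in one pass. The script below is an added example (not part of the original checklist) that reads those settings and prints a PASS/FAIL row with the remediation command for each failure; it changes nothing. It assumes Windows 10 / Server 2016 or later, Microsoft Defender as the endpoint protection, Office 2016 or later (the 16.0 policy hive), and that the Office macro policy is checked for the current user only. The limit of two local administrators is a site-specific assumption, not a standard.

```powershell
# Added example, not part of the original checklist: a read-only audit of the
# Windows settings behind several checklist items. Run from an elevated prompt
# on the host being checked. Assumes Windows 10 / Server 2016+, Microsoft
# Defender, Office 2016+ (16.0 hive). Changes nothing; each FAIL row carries
# the remediation command.

$MaxLocalAdmins = 2   # site-specific assumption, adjust to your admin model

function New-Result {
    param([string]$Check, [bool]$Pass, [string]$Detail, [string]$Fix = '')
    [pscustomobject]@{ Check = $Check; Status = $(if ($Pass) { 'PASS' } else { 'FAIL' }); Detail = $Detail; Fix = $Fix }
}

function Invoke-Check {
    # Runs one check; a missing cmdlet or access error becomes a SKIP row instead of aborting the audit.
    param([string]$Check, [scriptblock]$Body)
    try { & $Body } catch {
        [pscustomobject]@{ Check = $Check; Status = 'SKIP'; Detail = $_.Exception.Message; Fix = '' }
    }
}

$results = @(
    Invoke-Check 'SMBv1 disabled' {
        $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
        New-Result 'SMBv1 disabled' (-not $smb1) "EnableSMB1Protocol=$smb1" `
            'Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force; Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol'
    }
    Invoke-Check 'RDP off or requires NLA' {
        $ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
        $deny = (Get-ItemProperty $ts).fDenyTSConnections                       # 1 = RDP disabled
        $nla  = (Get-ItemProperty "$ts\WinStations\RDP-Tcp").UserAuthentication  # 1 = NLA required
        New-Result 'RDP off or requires NLA' ($deny -eq 1 -or $nla -eq 1) "fDenyTSConnections=$deny UserAuthentication=$nla" `
            "Set-ItemProperty '$ts\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1"
    }
    Invoke-Check 'RDP firewall rules scoped' {
        # '@FirewallAPI.dll,-28752' is the language-independent ID of the 'Remote Desktop' rule group
        $open = Get-NetFirewallRule -Group '@FirewallAPI.dll,-28752' -Enabled True -Direction Inbound |
                Get-NetFirewallAddressFilter | Where-Object RemoteAddress -eq 'Any'
        New-Result 'RDP firewall rules scoped' (-not $open) "$(@($open).Count) enabled RDP rule(s) accept any remote address" `
            'Scope the rules to the management subnet or jump host, or disable them and use VPN with MFA'
    }
    Invoke-Check 'Office macros from the internet blocked' {
        $missing = foreach ($app in 'word', 'excel', 'powerpoint') {
            $p = Get-ItemProperty "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\security" -ErrorAction SilentlyContinue
            $v = if ($p) { $p.blockcontentexecutionfrominternet } else { $null }
            if ($v -ne 1) { $app }
        }
        New-Result 'Office macros from the internet blocked' (-not $missing) "Policy missing for: $($missing -join ', ')" `
            'Deploy the "Block macros from running in Office files from the Internet" policy (blockcontentexecutionfrominternet=1) per app'
    }
    Invoke-Check 'Built-in Guest disabled' {
        # RID 501 is the built-in Guest even if it has been renamed
        $guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' } | Select-Object -First 1
        if (-not $guest) { throw 'built-in Guest (RID 501) not found' }
        New-Result 'Built-in Guest disabled' (-not $guest.Enabled) "$($guest.Name) Enabled=$($guest.Enabled)" "Disable-LocalUser -Name '$($guest.Name)'"
    }
    Invoke-Check 'Local Administrators kept small' {
        $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544')   # built-in Administrators group
        New-Result 'Local Administrators kept small' ($members.Count -le $MaxLocalAdmins) ("Members: " + ($members.Name -join ', ')) `
            'Remove day-to-day user accounts; administrators use separate privileged accounts'
    }
    Invoke-Check 'AppLocker enforced' {
        $enforced = @((Get-AppLockerPolicy -Effective).RuleCollections |
                      Where-Object { $_.EnforcementMode -eq 'Enabled' -and $_.Count -gt 0 })
        New-Result 'AppLocker enforced' ($enforced.Count -gt 0) "$($enforced.Count) rule collection(s) in enforce mode" `
            'Deploy AppLocker or WDAC in enforce mode (start in audit mode to build the allowlist)'
    }
    Invoke-Check 'Defender controlled folder access' {
        $cfa = (Get-MpPreference).EnableControlledFolderAccess   # 0 = off, 1 = block, 2 = audit
        New-Result 'Defender controlled folder access' ($cfa -eq 1) "EnableControlledFolderAccess=$cfa" `
            'Set-MpPreference -EnableControlledFolderAccess Enabled'
    }
)

$results | Format-Table Check, Status, Detail -AutoSize -Wrap
$results | Where-Object Status -eq 'FAIL' | ForEach-Object { "FIX [$($_.Check)]: $($_.Fix)" }
```

A SKIP row means the check could not run on that host (for example Get-SmbServerConfiguration on a client SKU without the module, or Get-MpPreference where Defender is not the AV); treat those as items to verify by hand rather than as passes.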
Vendor & Third-Party Security
• Review third-party remote access permissions
• Monitor vendor accounts
• Ensure vendors follow cybersecurity standards
________________________________________
❌ DON’Ts
Access & Authentication
• Don’t use shared admin accounts
• Don’t reuse passwords across systems
• Don’t expose RDP directly to the internet
• Don’t leave default credentials unchanged
System Management
• Don’t ignore software updates
• Don’t run unsupported operating systems
• Don’t disable antivirus or endpoint protection
Backup Mistakes
• Don’t keep backups permanently connected to the network
• Don’t rely on a single backup copy
• Don’t skip backup recovery testing
User & Email Risks
• Don’t open suspicious attachments or links
• Don’t allow unrestricted macro execution
• Don’t trust unknown USB devices
Network & Infrastructure
• Don’t keep all systems on one flat network
• Don’t allow unrestricted lateral movement
• Don’t expose critical infrastructure directly online
Incident Handling
• Don’t ignore unusual system behavior
• Don’t delay isolating infected systems
• Don’t pay a ransom without first consulting incident response experts and legal counsel
• Don’t delete logs after an incident
Policy & Governance
• Don’t operate without a cybersecurity policy
• Don’t skip periodic vulnerability assessments
• Don’t assume small companies are not targets