Essentials explained
What are ransomware attacks and how can I prevent them?
Ransomware is one of the fastest-growing cyber threats facing small businesses today, and no company is too small to be a target. These attacks can lock you out of your systems, steal sensitive data, and demand payment to restore access.
This guide breaks down what ransomware is, how it works, and the practical steps you can take to protect your business.
October 08, 2025
5 minutes
Ransomware is malicious software that’s installed by cyber criminals. The aim is to block access to your computer systems or data, to steal sensitive information or both. The attackers will demand a payment to stop this happening.
Small and medium-sized businesses are often a target for cyber crime, as many don’t invest in the IT resources or training to protect themselves. Whatever your company’s size, it’s vital to understand how to stay as secure as possible.
Protect the most important parts of your business first. Regularly back up sensitive data, install anti-virus programs on every device and keep all software updated. And make sure everyone has regular security awareness training and reminders on how to stay safe.
Ransomware is a type of malicious software, or malware, that can cause damage to your company in one or both of the following ways:
- By blocking access to your computer systems and data.
- By extracting the digital data you hold within your business (such as employee or customer information or your intellectual property), which can be used for criminal purposes.
Typically, attackers will infect your business with the malware and then demand money to restore access to your systems, hence the name. They may also ask for an additional payment to stop them publishing or selling on the data they have stolen.
The impact of a ransomware attack can be enormous. It may mean your business is unable to function, or it might cause reputational damage that results in a major loss of trust among your customers.
Small businesses are popular targets for cyber crime, as they often don’t invest in the IT resources or training to protect themselves.
Many small businesses think they’re too small to target, but cyber criminals actively choose small and medium-sized companies as they expect that they won’t have enterprise-grade defences. No business is too small.
How ransomware attacks happen
Ransomware usually enters a business via one of the following routes:
- Phishing emails, which are sent by criminals pretending to be someone else and possibly containing an infected attachment or a link to one of the below.
- Malicious or insecure websites.
- Infected software or apps.
Opening an infected app, downloading malicious programs or clicking on suspicious links can cause the ransomware to be automatically installed onto a computer or mobile device. From there, it will spread into your company’s systems.
How to protect your business
- Regularly back up important data to a secure location. Having at least one copy safe will help you to keep your business running while you resolve the situation.
- Understand what your business needs to access to continue to operate in the event of an attack. Then protect those parts in layers. For example, if your customer relationship management and web servers are the most critical thing, install endpoint detection and response (EDR) software on those systems first, and this will continuously monitor for cyber threats. Then, enable multi-factor authentication (where you are sent a code to another device to log in) and change your password regularly, keeping it complex.
- Ensure anti-virus security programs are installed on every device that is connected to the internet. And make sure all software and operating systems on these devices are kept up to date. The most recent versions will be the most secure.
- Limit the availability of sensitive data. Work on a ‘need to know’ basis. For example, your receptionist won’t need to view your company’s HR records. The fewer people who have access to data, the less likely it is to be breached.
- In a test, 56% of employees couldn’t tell the difference between real email and phishing attempts, according to payments provider Dojo. So, regularly remind your team to stay alert to anything that might be suspicious and ensure they undergo regular training that covers the risks of ransomware attacks.
Should I pay the ransom?
If you’re the victim of a ransomware attack, you may be tempted to pay up so you can have everything restored as soon as possible. However, in some countries and industries, it’s illegal to do so.
What’s more, aside from the fact it may encourage cyber criminals to hit you again later, there’s no guarantee they will do what they say. ‘Double extortion’ is now a normal practice: for example, attackers may restore your systems but threaten to publish the stolen data without an additional payment.
If that happens, the implications can be even more severe. Most companies can cope with some downtime, but many may not survive the reputational damage of data theft. There are also GDPR implications, as you can be fined up to 4% of your annual global turnover for a data breach.
Therefore, when it comes to ransomware, prevention is far better than cure.
Key takeaways
If you only remember three things, make them these:
- Regularly back up your data to a secure location.
- Protect your most essential systems first, make sure all devices have anti-virus security programs installed and keep all software and operating systems up to date.
- Frequently remind employees of the risks of ransomware and phishing attacks and ensure they undergo regular security awareness training.
