6 ways to protect your business from a ransomware attack

All businesses are targets for ransomware attacks and fraud

Small businesses are just as susceptible to ransomware as large corporations. Approximately 88% of small business data breaches in 2025 were ransomware attacks.¹ Ransomware is malicious software (malware) that encrypts a company’s or user’s files and restricts access until ransom is paid. If you have files that are valuable to you or contain sensitive client information, you may be a target of a ransomware attack.

6 preventative strategies to protect your business from ransomware

Over the past few years, ransomware attacks have increased. Federal agencies and private companies have issued recommendations to keep your company safe.

1. Update systems and applications regularly.

Install system and software updates as soon as they become available. Take advantage of automatic update settings to make sure you and your team are always running the most up-to-date and secure operating system.

2. Back up often and offline.

Routinely back up important files, especially those critical to business operations and anything of sentimental value. To reduce the risk of ransomware targeting the backup files, backups should not be connected to the company network. Offline backups allow easier system restoration in event of a ransomware attack.²

3. Limit connectivity between operations.

Ransomware attacks may target industries with separate operations, like manufacturing, to halt output. Companies should reduce network access between each function (operations, corporate, etc.) and develop processes to continue operating if another function is the target of a ransomware attack. These may include manual controls or other strategies. Regularly practice and test these as part of your incident response planning.³

4. Be vigilant about attachments, links, and apps.

Ransomware can be disguised as a link or attachment in an unfamiliar or spam email, or as an ad on a compromised site. Update your email security and consider investing in a filtering tool for emails and antivirus software to protect from other sources of malware. Security awareness training is an effective preventative tool, especially for malicious ads that may be tempting to click. Make sure you and your team are aware of online security risks and how to address any suspicious messages or ads you receive.⁴

5. Install security software – and use it.

Install and maintain firewalls and anti-malware software to reduce malicious activity on your network.

6. Develop a response plan.

As you review and maintain incident response plans, include questions and scenarios related to ransomware attacks. Consider how long your business could operate without certain systems, if you would shut down operations if critical business systems were compromised or offline, and other potential scenarios. Looking for Incident Response Plan best practices? Start here.

Call your local branch to discuss options to protect your accounts. First Financial Bank offers additional ID security on your online accounts and we are dedicated to protecting your hard-earned assets. Explore how to respond if your company experiences a ransomware attack.