Finally, if your cloud backup service loses your data permanently, find out the limit of the vendor's liability. Hint: It'll probably be less than the value of your company.
Improve end-user education
Most ransom events start with phishing attacks and malware. I've talked for years about how to prevent both: perfect patching, end-user education, and good old antimalware software.
Most companies' end-user education programs are horrible, both cursory and antiquated. Today's phishing attacks are not your parents' phishing attacks, full of typos and language problems. Just read The Onion's (actual, serious) account of the Syrian Electronic Army's phishing attack last year.
The SEA group not only used multiple campaigns, each appearing more internal than the last, but it was prepared for The Onion's IT group sending out an email saying all passwords would be reset -- and issued its own password-reset email, allowing it to capture even more logon credentials.
After reading this account, I can tell you that the vast majority of end-user education programs are not sufficiently sophisticated to prevent havoc. They can be, but administrators have to step up their game.
Without doubt, ransom attacks will continue to grow. Is your company prepared?