Every firm needs to devise a plan as to how it will respond not simply to malware in general but extortion specific attacks such as DDoS, ransomware, web defacement, data breaches or a combination of all of the above. Having backups is a start but not on its own enough.
For small companies, the best place to start is to find an expert third-party consultancy, preferably one that can prove it has business experience of dealing with such attacks. This partner will also be able to advise on the vulnerability of the network, which is to say outline the sort of damage a typical attack could do and how quickly. Reconfiguration might be necessary.
Most of important of all, companies shouldn't wait for trouble to strike. Ransomware is not a new threat but it shows no sign of going away, far from it. It is evolving and the targeting is becoming better and better. Every and any company is at risk. Don't ignore it; give yourself a chance by understanding the enemy.
Sign up for CIO Asia eNewsletters.