Backup data regularly and keep a recent backup copy off-site.
Ransomware isn’t the only enemy of valuable data. Natural disasters, theft, a dropped laptop or even an accidental deletion cost time and money. Encrypted backup is best.
Do not enable macros in document attachments received via email.
Microsoft disabled auto-execution of macros as a security measure, so do not heed the malware prompt to enable macros.
Take care with unsolicited attachments and teach your employees to do the same.
If you are not sure about the safety of an attachment, do not open it.
Patch early and often.
Malware that doesn’t come in via document macros often relies on security bugs in popular applications, like Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.
Manage the use of privileged accounts.
No users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
Configure access controls, including file, directory, and network share permissions appropriately.
If users only need read specific information, they don’t need write-access to those files or directories.
Have security software installed and up to date.
With the thousands of new malware variants running every day, having a set of old virus definitions is almost as bad has having no protection.