Ransomware is the single most financially damaging IT event most SMBs will ever experience. The good news: it's preventable with a short list of controls. The better news: even if it happens, recovery is possible if you've prepared.
The prevention checklist
- MFA everywhere (email, VPN, RDP, admin accounts, SaaS)
- Endpoint Detection & Response (EDR), not just antivirus
- Segmented backup network (backups on a separate identity domain)
- Immutable backup copies (attacker can't encrypt what can't be modified)
- Patch management that actually runs (not just 'scheduled')
- Email security with anti-phishing + attachment sandboxing
- Phishing awareness training for every user
- No direct RDP exposed to the internet. Ever.
- Admin accounts separated from user accounts
- Logging centralized and monitored
What almost nobody does correctly
Most ransomware incidents we see failed in the same way: the attacker got initial access through phished credentials, moved laterally because there was no segmentation, found the backups on the same network, encrypted them first, then encrypted the production environment. By the time the victim noticed, there was nothing clean to restore from.
The two controls that would have stopped this in most cases: MFA (prevents the initial access), and segmented backups (preserves recovery even after access).
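The chain above (one phished account fanning out across the network and reaching the backup server) is exactly what centralized logging is supposed to surface. As an added illustration, not code from the original article, here is a small Python detection that runs over a constructed, simplified authentication log and flags any account that successfully authenticates to an unusually large number of distinct hosts inside a short window, noting whether a backup host was among them. The log format, host names and thresholds are assumptions for the example.

```python
"""Flag accounts that fan out across many hosts in a short time window.

Added example, not part of the original article. The input is a constructed,
simplified auth-log format, one event per line:
    <ISO timestamp> <user> <source_ip> <target_host> <result>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: normal users touch one or two hosts during the day.
# 'jsmith' was phished; that evening the stolen credential is reused to fan
# out, reaching the backup server (BACKUP01) before the file servers.
SAMPLE_LOG = """\
2024-05-01T09:00:01 alice 10.0.1.20 FS01 success
2024-05-01T09:05:12 alice 10.0.1.20 MAIL01 success
2024-05-01T09:10:30 jsmith 10.0.2.41 WS-17 success
2024-05-01T22:14:02 jsmith 10.0.2.41 FS01 success
2024-05-01T22:15:40 jsmith 10.0.2.41 FS02 success
2024-05-01T22:16:05 jsmith 10.0.2.41 BACKUP01 success
2024-05-01T22:17:11 jsmith 10.0.2.41 DC01 success
2024-05-01T22:18:49 jsmith 10.0.2.41 HR-APP success
2024-05-02T08:00:00 bob 10.0.1.33 FS01 success
"""

# Assumed host name for the backup server; in practice this comes from inventory.
BACKUP_HOSTS = {"BACKUP01"}


def parse(line):
    """Split one constructed log line into (timestamp, user, src_ip, host, result)."""
    ts, user, src, host, result = line.split()
    return datetime.fromisoformat(ts), user, src, host, result


def find_fanout(log_text, window=timedelta(minutes=10), threshold=4):
    """Return {user: (sorted distinct hosts, touched_backup)} for every account
    that successfully authenticates to at least `threshold` distinct hosts
    within any `window`-long span of its own events."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, _src, host, result = parse(line)
        if result == "success":
            events[user].append((ts, host))

    alerts = {}
    for user, evs in events.items():
        evs.sort()  # chronological order so the sliding window below is correct
        for i, (start, _host) in enumerate(evs):
            # every host this user reached within `window` of event i
            hosts = {h for t, h in evs[i:] if t - start <= window}
            if len(hosts) >= threshold:
                alerts[user] = (sorted(hosts), bool(hosts & BACKUP_HOSTS))
                break
    return alerts


if __name__ == "__main__":
    for user, (hosts, backup) in find_fanout(SAMPLE_LOG).items():
        flag = " (BACKUP HOST REACHED)" if backup else ""
        print(f"ALERT {user}: {len(hosts)} hosts in 10 min -> {', '.join(hosts)}{flag}")
```

A rule like this is only useful if the logs from workstations, file servers and the backup server all land in one place, which is the "logging centralized and monitored" item on the checklist; the window and threshold need tuning per environment so that administrators' normal work does not trip it.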
If it happens anyway: the first hour
- Disconnect (not shut down) affected systems from the network
- Do not pay anything, promise anything, or communicate with the attacker until you've talked to IR professionals
- Call your incident response provider (or your MSP if they handle IR)
- Call your cyber insurance carrier
- Preserve logs; do not let auto-rotation destroy evidence
- Decide whether to engage law enforcement (FBI field office)
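Preserving logs in that first hour means getting a copy out of the path of log rotation and making it tamper-evident, so that the IR provider (and, if you go that route, law enforcement) can trust it. As an added example, not code from the original article, this Python snippet copies a log directory into a timestamped folder, makes the copies read-only, records a SHA-256 manifest, and can later re-verify that nothing in the copy changed. The directory paths are assumptions; on a real system you would point the source at the relevant log directory and the destination at removable or write-once media that the affected systems cannot reach.

```python
"""Snapshot log files with a hash manifest before rotation can destroy them.

Added example, not part of the original article. Source and destination
directories are assumptions supplied by the caller.
"""
import hashlib
import json
import os
import shutil
import stat
from datetime import datetime, timezone


def sha256_of(path):
    """SHA-256 hex digest of a file, read in chunks so large logs do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_logs(source_dir, dest_dir):
    """Copy every file under source_dir into a new timestamped folder in dest_dir,
    mark each copy read-only, and write manifest.json with SHA-256 digests.
    Returns the manifest dict (its 'target' key is the folder that was created)."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    target = os.path.join(dest_dir, f"logs-{stamp}")
    os.makedirs(target)  # fails rather than overwriting an existing collection
    manifest = {
        "collected_utc": stamp,
        "source": os.path.abspath(source_dir),
        "target": target,
        "files": {},
    }
    for root, _dirs, files in os.walk(source_dir):
        for name in files:
            src = os.path.join(root, name)
            rel = os.path.relpath(src, source_dir)
            dst = os.path.join(target, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)        # copy2 keeps mtime, which matters for timelines
            os.chmod(dst, stat.S_IRUSR)   # owner read-only; nothing should write to the copy
            manifest["files"][rel] = {
                "sha256": sha256_of(dst),
                "size": os.path.getsize(dst),
            }
    with open(os.path.join(target, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def verify_manifest(target_dir):
    """Re-hash every preserved file; return the relative paths whose digest no longer matches."""
    with open(os.path.join(target_dir, "manifest.json")) as f:
        manifest = json.load(f)
    return [
        rel for rel, meta in manifest["files"].items()
        if sha256_of(os.path.join(target_dir, rel)) != meta["sha256"]
    ]


if __name__ == "__main__":
    import sys
    # Usage (paths are placeholders): python preserve_logs.py /var/log /mnt/evidence
    m = preserve_logs(sys.argv[1], sys.argv[2])
    print(f"preserved {len(m['files'])} files in {m['target']}")
    print("verification:", "clean" if not verify_manifest(m["target"]) else "MISMATCH")
```

Keep the manifest's digests somewhere separate from the copy itself (a printout or a message to the IR provider is enough); that is what lets someone later show the evidence was not altered after collection. This only covers files on disk: disconnecting rather than powering off, as the list above says, is what keeps memory-resident evidence available for the responders.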
The cyber insurance question
Cyber insurance has saved a lot of SMBs. It's also gotten harder to get and more expensive. Insurers are now requiring MFA, EDR, backup testing, and other specific controls before they'll write a policy. The flip side: having those controls gets you materially better premiums.
If you don't have cyber insurance today, get a quote. If you do, make sure you're in compliance with the policy's control requirements, because insurers have started denying claims when they find out the insured wasn't actually running the controls they attested to.
Talk through your situation.
The articles cover the general shape. Your specific situation deserves a real conversation.
