What UK mid-sized firms can do today (high impact, realistic effort)
NCSC guidance for small and medium organisations and Cyber Essentials controls point to practical foundations: secure configuration, access control, malware protection, patching, and firewalls. These are not glamorous; but they are the quickest route to ransomware prevention and SME cyber resilience.
1) Make account takeover harder
* Turn on multi-factor authentication (MFA) for email, remote access, and admin accounts. MFA means a second proof, not just a password.
* Remove shared admin accounts; give named admin accounts only.
* Apply least privilege; most users do not need admin rights.
2) Break the attack chain after intrusion
Even strong prevention will not be perfect. Plan for “assumed breach”.
* Segment critical systems; separate finance, backups, and key servers from general user devices.
* Use separate admin accounts for daily work versus admin tasks.
* Block common lateral movement routes; restrict RDP, and limit admin tools to managed devices.
3) Make recovery boring and fast
* Keep tested offline backups for core systems; restore tests prove recovery time, not hope.
* Write a one-page “ransomware runbook”; who decides, who talks to insurers, who contacts IT, and how to isolate systems.
* Consider UK GDPR security measures; the ICO expects appropriate technical and organisational measures to protect personal data, and weak access controls often worsen incidents.
Quick checklist for directors and advisers
* Can we restore two critical systems from offline backups within 24 to 72 hours?
* Do admin and finance users have MFA enabled?
* Are backups protected from the same admin accounts used day-to-day?
* Is the network segmented, even minimally?
* Do we have an incident contact list and decision log template?
