Ransomware response starts long before an incident. This checklist focuses on controls that actually reduce downtime and recovery cost.
Use 3-2-1 backups with at least one immutable/offline copy. Test restores monthly.
Enforce MFA on email, VPN, cloud admin, and remote access tools. No exceptions for admin accounts.
Block unsigned scripts, disable unnecessary macros, and enforce least privilege on endpoints.
Prioritize internet-facing systems and remote access software first.
Define who decides containment, comms, legal outreach, and business continuity in the first 24 hours.
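The backup item above can be checked mechanically against an inventory. This is an added example, not part of the original checklist or any vendor tooling; the `Copy` record, the sample inventories, and the 31-day reading of "monthly" are assumptions. It also assumes production counts as one of the three copies and that the restore test must have been run against an immutable/offline copy.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class Copy:
    name: str
    media: str                  # e.g. "disk", "tape", "object-storage"
    offsite: bool
    immutable_or_offline: bool
    last_restore_test: Optional[date]   # None = never restored from

MAX_TEST_AGE = timedelta(days=31)  # assumption: "monthly" = within 31 days

def audit(copies, today):
    """Return a list of findings; an empty list means the policy is met."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3")
    if len({c.media for c in copies}) < 2:
        findings.append("all copies on one media type, need 2")
    if not any(c.offsite for c in copies):
        findings.append("no offsite copy")
    protected = [c for c in copies if c.immutable_or_offline]
    if not protected:
        findings.append("no immutable/offline copy")
    # Assumption: the restore test only counts if it used a copy that
    # ransomware could not have encrypted or deleted.
    fresh = [c for c in protected if c.last_restore_test
             and today - c.last_restore_test <= MAX_TEST_AGE]
    if protected and not fresh:
        findings.append("no immutable/offline copy restored in the last 31 days")
    return findings

# Constructed sample inventories (not real systems).
TODAY = date(2024, 6, 30)
PROD = Copy("prod-nas", "disk", False, False, None)
LOCAL = Copy("local-backup", "disk", False, False, date(2024, 6, 20))
GOOD = [PROD, LOCAL, Copy("vault", "object-storage", True, True, date(2024, 6, 10))]
STALE = [PROD, LOCAL, Copy("vault", "object-storage", True, True, date(2024, 4, 1))]
WEAK = [PROD, LOCAL]

if __name__ == "__main__":
    for label, inv in (("GOOD", GOOD), ("STALE", STALE), ("WEAK", WEAK)):
        print(label, audit(inv, TODAY) or "ok")
```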
EdgeIQ monitoring + reporting helps keep backup, exposure, and phishing controls on a repeatable schedule.