Ransomware does not care how small your business is. It encrypts whatever it can reach and asks for money to give it back. Industry reports consistently place the average ransom demand for small businesses in the five-figure range, with average downtime stretching to three weeks. And in most cases, the infection was sitting on the network for days or weeks before anyone noticed.
You cannot prevent every attack. But you can make sure an attack does not end your business. The strategy on this page gives you three layers of backup so that when ransomware hits, you wipe the machine, restore from a clean copy, and get back to work — without paying anyone a dime.
Ransomware rarely announces itself the moment it arrives. Most strains sit quietly on the system for days, weeks, or even months before encrypting anything. During that dwell time, the malware is mapping your network, identifying backup locations, and spreading to other machines. By the time you see the ransom note, every connected backup may already be compromised.
This is called the discovery delay, and it is the reason a single backup drive is not enough.
The fix is not complicated: you need multiple backups taken at different times and stored in different places. If one is compromised, you fall back to an older, clean copy. You lose some recent work, but you keep your business.
Backups are a safety net — not a first response. Before thinking about recovery, make sure your machines are hardened against infection in the first place:
Each tier covers a different failure scenario. Together, they are designed so that no single event — not an infection, not a hardware failure, not a fire — can destroy all your copies.
Your first tier runs continuously in the background. Services like OneDrive, Google Drive, or Backblaze sync files automatically as they change. If a machine dies, your documents are already in the cloud. Most cloud providers also keep version history, so if ransomware encrypts your files, you can roll back to a pre-encryption version.
Once a year, create a full system image — operating system, applications, settings, everything — and write it to an encrypted external SSD. This is your nuclear option: if everything else fails, you can restore the entire machine to a known-good state. Label the drive, date it, and store it somewhere physically separate from your business — a safe deposit box, a locked cabinet at home, anywhere that is not plugged into your network.
A second drive on a six-month rotation gives you a mid-year checkpoint. If your annual image turns out to be compromised — meaning the malware was already present when you took it — you fall back to this one. Staggering two drives six months apart means the discovery delay has to span more than six months to poison both. That is rare enough to bet your business on.
Smaller businesses that handle minimal data may choose to start with just the annual drive. The six-month rotation adds a safety margin worth having, but even one air-gapped backup puts you ahead of most small businesses.
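To make the discovery-delay argument concrete, here is an added example (not part of the original guide) that selects the newest backup taken before the malware could have been present. The tiers, the 30-day cloud version history and the image dates are constructed assumptions for illustration.

```python
"""Pick the newest backup that predates a ransomware infection, given an estimated dwell time."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Snapshot:
    tier: str    # "cloud" (synced versions), "drive-b" (six-month image) or "drive-a" (annual image)
    taken: date  # date the copy was written; the copy only reflects the machine as of this day


def build_tiers(today: date, cloud_history_days: int = 30) -> List[Snapshot]:
    """Constructed schedule (assumption, not the guide's numbers): one cloud version per day for the
    retention window, Drive B imaged about three months ago, Drive A imaged about nine months ago."""
    cloud = [Snapshot("cloud", today - timedelta(days=d)) for d in range(1, cloud_history_days + 1)]
    drive_b = Snapshot("drive-b", today - timedelta(days=91))
    drive_a = Snapshot("drive-a", today - timedelta(days=274))
    return cloud + [drive_b, drive_a]


def pick_restore_point(snapshots: List[Snapshot], discovered_on: date,
                       max_dwell_days: int) -> Optional[Tuple[Snapshot, int]]:
    """Return (snapshot, days_of_work_lost) for the newest copy taken strictly before the earliest
    date the malware could have been on the network, or None when every copy is suspect."""
    earliest_infection = discovered_on - timedelta(days=max_dwell_days)
    clean = [s for s in snapshots if s.taken < earliest_infection]
    if not clean:
        return None  # the dwell time outlasted the oldest offline image: no trustworthy copy
    best = max(clean, key=lambda s: s.taken)
    return best, (discovered_on - best.taken).days


if __name__ == "__main__":
    found = date(2026, 6, 1)  # constructed discovery date
    tiers = build_tiers(found)
    for dwell in (7, 45, 200, 300):
        result = pick_restore_point(tiers, found, dwell)
        if result is None:
            print(f"dwell {dwell:>3} days: no clean copy, every tier is suspect")
        else:
            snap, lost = result
            print(f"dwell {dwell:>3} days: restore {snap.tier} from {snap.taken}, {lost} days of work lost")
```

Each extra tier buys protection against a longer dwell time at the price of more lost work, which is exactly the trade the guide describes.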
Use solid-state drives (SSDs) for your backup media, not traditional hard disk drives (HDDs). SSDs have no moving parts — no spinning platters, no read/write heads, no motors. That means no mechanical failure from being bumped, dropped, or stored in a drawer for a year. They are also faster to write and read, which matters when you are imaging an entire system.
Every backup drive must be encrypted. If the drive is lost or stolen, encryption is the difference between an inconvenience and a data breach. Use a long, unique password for each drive — a single-use passphrase that exists nowhere except in your password manager and on a sealed, dated envelope stored in a separate physical location.
| Tool | Cost | Encryption | Notes |
|---|---|---|---|
| Macrium Reflect Free | Free | AES-256 built in | Full disk image with scheduling. Industry standard for Windows imaging. Bootable rescue media included. |
| Veeam Agent for Windows | Free (personal) | AES-256 built in | Enterprise-grade backup engine. Full image, file-level, or volume-level backup. Free for up to 10 workstations. |
| Windows Backup (built-in) | Free | BitLocker (Pro/Enterprise) | Create a system image via Settings > Update & Security > Backup. Requires BitLocker for encryption, which is only available on Windows Pro. |
| Spec | Recommendation | Why |
|---|---|---|
| Capacity | 1 TB minimum | A typical Windows workstation image is 40–100 GB. 1 TB gives room for multiple images or larger systems. |
| Interface | USB 3.0 or USB-C | Fast enough to write a full image in under 30 minutes |
| Form factor | 2.5″ portable | No external power supply needed. Fits in a desk drawer or safe deposit box. |
| Encryption | Software (Macrium/Veeam) or hardware (Samsung T7 Shield, etc.) | Hardware-encrypted drives add a layer of convenience but software encryption works fine |
| Cost | $60–$100 per drive | A one-time cost. You need two drives for the full strategy. |
Backups are your recovery plan. These measures reduce the chance you need to use them.
The full backup strategy is a one-time hardware purchase plus the cloud sync you probably already have:
| Item | Cost | Frequency | Notes |
|---|---|---|---|
| Cloud backup (OneDrive/Google Drive) | $0–$6/mo | Monthly | Often included with Microsoft 365 or Google Workspace. Free tiers may be sufficient for small businesses. |
| Encrypted SSD — Drive A (annual) | $60–$100 | One-time | 1 TB portable SSD. Lasts years with annual refresh. |
| Encrypted SSD — Drive B (semi-annual) | $60–$100 | One-time | Second drive for six-month rotation. Optional for very small businesses. |
| Imaging software | Free | One-time | Macrium Reflect or Veeam Agent — both free for personal/small business use |
The strategy only works if you actually do the backups. Add a recurring calendar event now — it takes ten seconds and guarantees you will not forget six months from now.
Product names, pricing, and free-tier availability are as of 2026. Verify current pricing and availability before purchasing.
This guide is provided for educational and portfolio purposes. It reflects general best practices and does not constitute professional security consulting for your specific environment. Consult a qualified professional for your business’s security needs.