Ransomware Protection: The Executive Playbook (From 30 Years on the Front Lines)
(By Tom Hermstad, CEO of HD Tech — 30 Years of Keeping Businesses in Business)
Ransomware is digital blackmail. Criminals encrypt your data, shut down your operations, and demand a steep payment to restore access. They target small-to-mid-sized businesses for one reason: you are the “sweet spot.” You’re big enough to pay a six-figure ransom but often lack the full-time, dedicated security teams of a Fortune 500 company.
You don’t need an army; you need a plan built on non-negotiable fundamentals. The vast majority of attacks are stopped cold by three things: Multi-Factor Authentication (MFA), tested offline backups, and consistent employee training. We’ve proven this model for three decades.
Do not react; respond.
- Isolate: Immediately disconnect infected systems from the network to stop the spread.
- Call: Contact your IT security partner to activate your response plan.
- Do Not Pay: Paying the ransom funds their next attack and gives you no guarantee of getting your data back. Prepared leaders win by restoring, not negotiating.
The 30-Year Playbook for Business Resilience
Lessons from Three Decades on the Front Lines
At HD Tech, we’ve been on the front lines since 1995. We’ve watched the battlefield evolve from simple floppy-disk viruses to sophisticated, AI-driven ransomware gangs.
The tactics always change, but the goal is always the same: find the weak spot, cripple your operations, and force you to pay.
We’ve seen construction firms unable to make payroll, law offices lose irreplaceable client records, and manufacturing lines go dark—all because one person clicked one bad link.
After 30 years, our core advice is simple: Prepare for when you get hit, not if.
The 5 Non-Negotiable Pillars of Ransomware Defense
This is the playbook. As a leader, you must demand these five things are in place.
- Multi-Factor Authentication (MFA) Everywhere This is the single most effective defense against credential theft. If your email, VPN, and financial applications can be accessed with only a password, you are leaving the front door unlocked. It must be non-negotiable.
- Tested, Offline (Immutable*) Backups A backup is useless if it’s corrupted or encrypted along with your live data. You must have daily, automated backups that include an offline (or “air-gapped”) copy. We run monthly restore tests for our clients. A backup is just a file; a tested restore is a lifeline.
- Relentless Patch Management Attackers love old software; it’s a documented, known vulnerability. Your systems—from servers to laptops—must be patched and updated religiously. This cannot be optional. Assign clear accountability for it.
- A Trained and Skeptical Team Your people are your most critical sensor. You must run regular, simulated phishing tests to build muscle memory. Train them to spot suspicious links and attachments. Build a culture where it’s praised to ask, “Is this email legitimate?” before clicking.
- A Written Incident Response (IR) Plan When an attack hits, panic is the enemy. You need a simple, documented playbook. Who is the first call? What systems get disconnected first? How do you communicate with staff and clients? An IR plan turns a catastrophe into a manageable process.
The Executive View: Cyber Risk is Business Risk
This is not an IT problem; it’s a core leadership responsibility.
For CEOs: You are protecting the company’s reputation and the client trust you’ve spent years building.
For CFOs: You are preventing a catastrophic, unbudgeted financial event that can wipe out a quarter’s profit.
For COOs: You are defending the company’s fundamental ability to operate, serve clients, and meet deadlines.
Cybersecurity is no longer a line-item expense—it’s a prerequisite for doing business.
Why 30 Years of HD Tech Experience Matters
Our 30-Year Recovery Record: 100% of HD Tech clients who have been hit by ransomware while under our protection have recovered their data without paying a single cent.
Three Decades of Proof: Founded in 1995, we have kept businesses running through every major security wave and economic cycle.
Certified, U.S.-Based Experts: Our team holds top-tier certifications from Microsoft, Cisco, and CompTIA Security+. We don’t just talk about security; we live it.
Client Testimonial: “When ransomware hit at 2 AM on a Saturday, HD Tech was on it before our team even knew. They isolated the threat, restored from backup, and had us fully operational by Monday morning. No data lost. No ransom paid.” — COO, Manufacturing Firm
Our Core Belief: Preparation beats luck. Thirty years of keeping companies safe proves it.
Executive Action Checklist: Ask These 5 Questions Today
- Are all our remote access, email, and financial accounts protected with MFA?
- When was our last successful, documented backup restore test?
- Who is explicitly accountable for ensuring all software is patched weekly?
- Do we have a written, one-page Incident Response Plan, and does our team know where it is?
- Has our entire team been through a phishing simulation in the last quarter?
If you hesitate on any of these, your business is exposed.
Frequently Asked Questions
No. We advise against it in all cases. There is no guarantee you’ll get your data back, you mark yourself as a “willing payer” for future attacks, and you are funding a criminal enterprise. Restoration from a clean backup is always the correct path.
We conduct restore tests monthly for our clients, and weekly for critical data systems. An untested backup is not a recovery plan; it’s a gamble.
Some policies do, but insurers are tightening requirements dramatically. Most will not pay a claim if you cannot prove you had basic “due diligence” protections in place (like MFA, tested backups, and employee training).
Isolate. Disconnect the infected devices from the network (pull the network cable or turn off Wi-Fi) to prevent it from spreading. Then, call your security team immediately to start your incident response protocol. Do not delete any files or attempt to “clean” the machine yourself.
Yes. Our emergency response team has 30 years of experience on the front lines of ransomware response. We can remotely triage, contain the threat, and begin the recovery process, even if you are not currently a client.
For 30 years, HD Tech has helped leaders like you turn cyber risk into operational resilience. Whether you need a rapid assessment, incident response plan, or a trusted security partner, we’re ready to help.
H&D Technologies, LLC
322 Main Street, Suite 4
Seal Beach, CA 90740
