How to protect your business from cyberattacks, ransomware, and data loss (2026)


Introduction

If outdated software can put a major museum in trouble, believing that your company is “too small to interest hackers” is a mistake.

Corporate cybersecurity is not just about large institutions, multinationals or “front-page” targets. It also concerns SMEs, professional firms and organizations that work every day with data, access credentials, backups, cloud tools, devices and connected users.

The Uffizi case is a very concrete reminder: an exposed infrastructure, outdated software or a neglected control can turn a technical problem into an operational, economic and reputational issue.


The Uffizi case: what we really know

The news is not a coffee-break urban legend. The most authoritative public reconstructions agree that the Uffizi Galleries suffered a cyberattack between the end of January and the beginning of February 2026, with around twenty machines compromised.

Several media outlets also reported a ransom demand. According to the same reconstructions, the weakness exploited by the attackers appears to have been software used by the institutional website to manage the flow of low-resolution images.

The point that matters for companies

Beyond journalistic nuances, the message is very clear: an exposed infrastructure or outdated software can turn a technical problem into an operational, economic and reputational issue.

CSIRT, the security team of Italy’s National Cybersecurity Agency, continues to recommend the constant updating of exposed and vulnerable products, a sign that this topic is not theoretical but practical and part of everyday operations.

Why this story also concerns SMEs and professional firms

When people talk about ransomware, meaning data encrypted to demand a ransom, many imagine attacks designed only for large institutions, multinationals or “front-page” targets. It is a convenient mistake, but still a mistake.

CISA’s anti-ransomware guidance, from the U.S. cybersecurity agency, emphasizes that the economic and reputational impact of these incidents affects organizations both large and small, and that it is essential not only to do everything possible to protect yourself, but also to prepare an incident response plan in advance.

The real problem is everything that comes afterwards: unavailable files, blocked operations, users without access, unusable backups, delayed customer support and management forced to make urgent decisions with very little information.

NIST, an important U.S. agency that deals with technology standards, also highlights in its incident management guidelines the value of procedures, playbooks and coordinated response capabilities.

In brief
  • A cyberattack does not only hit servers: it hits everyday work.
  • The most vulnerable organizations are often those that believe they are not interesting targets.
  • The difference is not made by a “miracle security product”, but by the combination of processes, controls and correct habits.
  • Prevention and monitoring cost less than downtime, recovery and crisis management.

Good practices that truly reduce risk

Corporate cybersecurity is not built with a single box placed in the server room and a password called “Company2026!”. It is built with different layers of protection, visibility, training and business continuity.

CISA recommends, among other things, regular vulnerability scans, reducing the exposed surface, backups and preparation for incidents and extortion attempts.

  • Keep systems and software updated, especially if they are exposed to the Internet or used by many users.
  • Segment the network, for example separating phones from PCs, to prevent a single compromised endpoint from becoming a launchpad for the entire infrastructure.
  • Protect remote access with correct configurations, secure VPNs and control of remote access tools.
  • Train users, because phishing emails remain a very concrete entry point.
  • Monitor and respond with tools that detect signals, anomalies and suspicious behavior before they become a disaster.

Attention

The classic “we have antivirus, so we are fine” is no longer enough. Modern guidelines clearly distinguish between prevention, detection, investigation and response. If you stop at the first part, you leave the other three exposed.

3-2-1 backup, RMM, firewall and phishing training: what is really needed

Here it is worth being very concrete, because when technical terms remain vague, in companies they almost always turn into two things: postponed budgets and underestimated risk.

3-2-1 backup

The 3-2-1 backup approach remains one of the healthiest foundations: at least three copies of the data, on at least two different media, with at least one copy separated from the main operational environment. CISA, in its backup resources and anti-ransomware material, emphasizes the value of remote copies or copies capable of protecting data even from serious failures or malware.

In practice: if the backup is always there, connected and happy in the same environment where the problem might occur, it could become part of the problem. To learn more, you can visit the Esobit page dedicated to backup and disaster recovery and the one on server and storage.
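To make the rule checkable rather than a slogan, here is an added example (not Esobit’s code) that audits a constructed backup inventory against 3-2-1, applies the caveat above about copies that are always connected in the same environment, and also flags the “backups that exist but are never tested” mistake listed later on this page; the copy names, sites and dates are invented.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class BackupCopy:
    """One copy of the data set; the live production copy is listed too."""
    name: str
    medium: str                        # "disk", "tape", "object-storage", ...
    site: str                          # where the copy physically lives
    always_connected: bool             # reachable from production at all times
    last_restore_test: Optional[date]  # None = a restore was never tried
    is_primary: bool = False           # the production data itself

def separated_copies(copies, primary_site):
    # Per the caveat above: a copy that is always connected and sits in the
    # same environment as production does not count as "separated".
    return [c for c in copies if c.site != primary_site or not c.always_connected]

def check_321(copies, primary_site, today, max_test_age_days=90):
    """Return a list of findings; an empty list means 3-2-1 holds and backups are tested."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; 3-2-1 needs at least 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append(f"all copies on a single medium ({', '.join(sorted(media))})")
    if not separated_copies(copies, primary_site):
        findings.append("no copy is separated from the primary environment")
    for c in copies:
        if c.is_primary:
            continue                   # production data is not a backup to test
        if c.last_restore_test is None:
            findings.append(f"{c.name}: restore never tested")
        elif (today - c.last_restore_test).days > max_test_age_days:
            findings.append(f"{c.name}: last restore test older than {max_test_age_days} days")
    return findings

# Constructed sample inventory (names, sites and dates are invented).
PRIMARY_SITE = "florence-office"
TODAY = date(2026, 3, 1)
INVENTORY = [
    BackupCopy("production", "disk", PRIMARY_SITE, True, None, is_primary=True),
    BackupCopy("nas-nightly", "disk", PRIMARY_SITE, True, date(2026, 2, 10)),
    BackupCopy("cloud-immutable", "object-storage", "eu-region", True, date(2025, 11, 5)),
]

if __name__ == "__main__":
    for line in check_321(INVENTORY, PRIMARY_SITE, TODAY) or ["3-2-1 policy holds"]:
        print(line)
```

Run as-is the sample inventory passes the three counts but is flagged because the off-site copy has not been restore-tested in over 90 days; dropping the cloud copy produces three separate findings.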

RMM

Remote Monitoring and Management tools are very useful for managing patches, updates, control and maintenance of devices. But CISA also reminds us that remote access software and RMM tools are often exploited by malicious actors for initial access, persistence, lateral movement and data exfiltration, so they must be properly protected and governed.

This is exactly why device management should not be seen as boring maintenance, but as part of security.

Firewall and networking

Firewalls, segmentation and correct network rules remain fundamental to reducing the attack surface and containing lateral movement. If the network is flat, permissive and poorly governed, a local incident risks becoming a company-wide incident. For this area, you can also learn more about Esobit’s networking service.

Phishing training

The UK National Cyber Security Centre is very clear: defending against phishing means combining technical defenses and staff training, with recurring activities, simulations and continuous reminders. One annual email saying “be careful” is not enough. People remember better when training is concrete and repeated over time.

This is why it also makes sense to work on simulated campaigns such as PhishGuard. For a related insight, you can also read the article on typosquatting and phishing.

Translated into practice

Backup to recover. SIEM to see. RMM to manage. EDR to respond. Firewall and VPN to control access. Phishing training to avoid handing over the keys to the house at the first wrong link.

The most common mistakes that open the door to attacks

Serious incidents rarely come from a single spectacular mistake. More often, they come from a collection of small oversights lined up with almost artistic precision.

  • Software updated “when there is time”.
  • Backups that exist but are never tested.
  • Remote access left active without periodic review.
  • Administrator users where they are not needed.
  • Devices not inventoried or monitored.
  • Limited phishing training.
  • Networks without real segmentation.
  • Logs collected but never correlated or read.

Want to understand where your company is truly exposed?

If you want to understand where you are really exposed before the next red alert, the sensible step is to perform a concrete assessment of your security posture.


Frequently asked questions

What is a 3-2-1 backup and why is it still important?

It is an approach based on having multiple copies of data on different media, with at least one copy separated from the main operational environment. CISA’s guidance on backup and ransomware points precisely in the direction of making recovery possible even when malware or failures affect the primary environment.

What is a SIEM used for in a company?

It is used to collect and correlate security events from multiple sources in order to improve visibility, threat detection and incident response. Microsoft defines it as a platform that aggregates and analyzes security data from various sources within the IT infrastructure.

Are antivirus and firewall enough against ransomware?

On their own, no. Modern guidelines emphasize a multilayered approach made of prevention, monitoring, backup, access control and response capabilities. EDR, for example, is designed to detect and respond to advanced threats that go beyond the preventive barrier alone.

Why is phishing training so important?

Because many compromises begin with a user clicking on an email, a fake web page or an urgent request that appears legitimate. The NCSC, the UK cybersecurity agency, recommends continuous training, simulations and periodic reminders, not isolated one-off initiatives.

How Esobit can help you secure your network and company

If you take corporate cybersecurity seriously, the right path does not start with the impulsive purchase of the product of the moment. It starts with a serious analysis of infrastructure, devices, access, backups, network and user behavior.

At Esobit, we can help you build a more orderly and realistic approach by combining infrastructure, endpoint protection, networking, device management, business continuity and user awareness. The areas closest to this path are the page dedicated to corporate cybersecurity, ICT services, networking, device management, backup and disaster recovery and, when architecture and resilience need to be redesigned, also cloud migration.

You can also explore related resources such as antivirus vs EDR, DNS filters for cybersecurity and device control for data protection.


Author: Gabriele Natalini, Social Media Specialist
