How do we exercise ransomware readiness without breaking anything for real?
A tabletop is a roundtable where you simulate a disaster and walk through how everyone would react. It is cheap, disarming, and surfaces blind spots before the real thing. Run at least one a year.
Try this first
1. Write a realistic scenario: a user reports encrypted files at 9:30 on a Tuesday, nobody on the floor knows if it's a test. Add twists (CEO on holiday, helpdesk staff sick).
2. Invite the right people: IT, leadership, communications, legal, optionally a hired DFIR firm as facilitator. Not just IT.
3. Walk through chronologically: first report, verification, isolation, escalation to leadership, cyber insurance, customer comms, ransom decision, recovery plan.
4. Make every question concrete: what does the receptionist say to a journalist on the phone? Who has DFIR contact details ready when the admin laptop is unreachable? Which emergency invoicing process runs if the ERP is gone?
5. Document the gaps: 'didn't know who's authorised to decide on ransom', 'recovery keys live in a tool that's itself encrypted', 'no comms plan'. Those are your action items.
6. Close the gaps within 30 days and repeat yearly. Otherwise it becomes a good intention.
When to bring us in
For regulated sectors or larger orgs, an external DFIR or red-team facilitator helps. They bring scenarios your team can't imagine and an outside eye forces honesty.
See also
- We have backups but we do not know if they work: A backup that cannot be restored is not a backup. Testing matters as much as taking the backup.
- Suspected ransomware: what to do RIGHT NOW: The first 30 minutes are critical. One wrong move spreads the damage. Read before acting.
- Someone accidentally deleted an important folder: Usually fine to recover. The trick: do not save anything new on that drive until you know how.