Ransomware both the encryption attack and the exfiltrate/extortion attack are still probably your most serious cyber security risk.
Here is some basic advice all of which you have implemented:
- Have a ransomware resilient back-up
- Classify and Segregate your information
- Implement the “principle of least privilege”
Here is the latest double whammy ransomware attack being reported on in the tech news:
Donut extortion group also targets victims with ransomware (bleepingcomputer.com)
The risk is real.
Clive Catton MSc (Cyber Security) – by-line and other articles