How do we exercise ransomware readiness without breaking anything for real?

A tabletop is a roundtable where you simulate a disaster and walk through how everyone would react. Cheap, disarming, and surfaces blind spots before the real thing. Run at least one a year.

support/backups-recovery/tabletop-oefening-ransomwaresteps: 6

1. 01Write a realistic scenario: a user reports encrypted files at 9:30 on a Tuesday, nobody on the floor knows if it's a test. Add twists (CEO on holiday, helpdesk staff sick).
2. 02Invite the right people: IT, leadership, communications, legal, optionally a hired DFIR firm as facilitator. Not just IT.
3. 03Walk through chronologically: first report, verification, isolation, escalation to leadership, cyber insurance, customer comms, ransom decision, recovery plan.
4. 04Make every question concrete: what does the receptionist say to a journalist on the phone? Who has DFIR contact details ready when the admin laptop is unreachable? Which emergency invoicing process runs if the ERP is gone?
5. 05Document the gaps: 'didn't know who's authorised to decide on ransom', 'recovery keys live in a tool that's itself encrypted', 'no comms plan'. Those are your action items.
6. 06Close the gaps within 30 days and repeat yearly. Otherwise it becomes a good intention.

Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.