When it comes to ransomware protection we can think of 2 main focuses: Prevention and Mitigation.
Under prevention, we're trying to get everything right so we can lessen the possibility of a ransomware attack in the first place.
In mitigation we are actually conducting significant advance preparation to be resilient when any attacks do occur. In this way when an attack does occur (when, not if) we are able to bounce back.
To prevent a ransomware attack from occurring, you want to be conducting all cybersecurity best practice steps - and this especially includes each and every one of your employees and integrated business partners who have any connections to your data and networks.