Best practice configuration for preventing Ransomware on Windows workstations ?

Question

People, 
 All of my workstations and the servers are running Sophos Endpoint Security and Control v10.7 while the Management Server is running Sophos Enterprise Console version 5.2.2 
 Can anyone here please share some tips and steps on how to configure Sophos Policy to prevent Ransomware for all Servers and Workstations? 
 Thanks in advance, 
 S.E

QC · Accepted Answer

Hello S.E, 
 please see the Ransomware: Frequently asked questions (it also contains a link to the prevention advice article near the bottom). 
 As there isn't 100% protection assume that you might get hit, make sure your data is backed up and that you can restore it within a reasonable time. 
 Christian