- Always have offsite / backups that are not accessible via a share (since if it can see your backups it will encrypt them first).
- If using cloud storage services such as OneDrive or Google Drive your documents are backed up in version control - though some viruses / Ransomware can make it difficult to restore these / get the original filename back and you may require assistance to recover these.
- Patch - Patch everything and make sure you got everything (refer to NWS5696059 in the Other Useful Articles section below for a link to a tool to scan your network to identify computers not patched).
- Have up to date anti-virus - RMVP and now most anti-virus vendors' products are also blocking the SMBv1 manipulation that WannaCrypt is using (you still need to patch but your AV is helping (if it's up to date)).
The advice to respond to MS17-010 - WannaCrypt is to patch - remember the HyperV physical servers, if you have them, as these are often found unpatched or waiting to install a patch from some time ago.
If you cannot patch a device, then disabling SMBv1 can be used (though resolution of why you cannot patch a device should be high on your to-do list). If you blanket ban SMBv1 on your network, you may cause issues.
The problem is that disabling SMBv1 could affect all those other, often forgotten, systems on the network - Signage, Cashless Catering, Visitor Entry Systems, BMS, CCTV, VLE - as well as potentially any older Mac OSX, IOS, Android, BYOD, guests and potentially systems brought into your school by social services / council employees etc. Even older versions of Smoothwall (pre-Inverness release) uses SMBv1 to contact your domain controllers, so user based filtering rules will not work.
There will be other systems not listed - so patch now - and then plan a project to remove SMBv1 later when it can be done in a controlled manner.
If you need a hand please do get in touch with RM Support or your normal support provider.