Making regular and comprehensive back-ups of data is the only good assurance against an infection or an attack that would corrupt the production data or render it inaccessible.
Regular back-ups consist of making a copy of all the important data on a physical or non-physical carrier that is different from the one on which the data was generated. The best way to start is to have a policy in place for end-users that explains where critical data needs to be stored (for example on a specific share, location, etc.).
Define how often back-ups for each type of data should be performed, what media they should be stored on, and how long you will keep each back-up.