Making regular and comprehensive back-ups of data is the only good assurance against an infection or an attack that would corrupt the production data or render it inaccessible.
Regular back-ups consist of making a copy of all the important data on a (non-)physical carrier, which is different from that on which the data was generated. The best way to start is to have a policy in place for end-users which explains where critical data needs to be stored (for example on a specific share, location, etc.).
Define how often backups for each type of data should be performed, what media they should be stored on and how long you will keep the backup.