There's a good practical checklist here on the ISC website:
A Wall Against Cryptowall? Some Tips for Preventing Ransomware