For what is worth ad maybe I'm just lucky or did the right things. I'm using Sophos with Sierra locally, not on the web.
I have my backups in Dropbox, iCloud Drive, CrashPlan and an external hard drive and everything (knock on wood) has had no problems.
I'm redundant not only in backups but in firewalls by not relying on the router that my ISP provided me but by putting another router between my Mac and the ISP router.
If you want to continue to use Sophos and be in the Apple eco system (i think it's cheaper to pay a few buck a month than to change all your Apple devices (OS, iOS, etc), my advise is disable the Sophos from the internet as well as from the the computer, run a first back up. It should take the normal time (depending how much info you have i.e music, photos, videos, apps, documents etc).
After it finishes activate only and only the Sophos in you computer without telling to run a scan. Just by the mere fact of having it running in the back, Sophos does catch the possible viruses.
If you want you can install Malware Bytes. That is what Apple recommends.
I wish everyone the best and remember that with Apple there are always many ways to skin the cat.