That is a good question, first a disclaimer, I don't know the full details on what I am about to explain, if anyone has a better insight on what happens please feel free to correct me. There are a couple different types of ban, there are two I'm fully aware they exist and a 3rd one I've never experienced nor have concrete information if it's even real.
Local Friend Code Seed ban
These are the most common if you are just an average CFW user, Nintendo stroke many consoles with a ban-wave some time ago, the users affected with this ban-wave only had their specific console banned, or more specifically, their Local Friend Code Seed, which is a file that basically is blacklisted on Nintendo servers and thus are prevented from participating on most online activities, the only exceptions being using the e-shop and pokemon bank (I'm unsure if the latter or any others are applicable.)
This ban though scary can be lifted up, it's just a matter of getting an unbanned LFC seed and replacing the older one, however doing so has some disadvantageous outcomes, first, that seed is "marked" now, as its chances of getting detected and banned rises, the more users use it the higher the risk of that seed getting banned, if it's banned it's back to the beginning and you'll need to find a new one. The second disadvantage is that these seeds can't be replicated nor generated, so there are as many seed as there are 3DSes out there. Finally and this is one I've seen almost no one talk about, is that it has a higher chance of getting you into "For Glory Hell" in Smash Brothers, due to the same principle I laid before, the higher the number of players playing around with it makes it so you are more prone to end up there, it's nothing serious but can get annoying some times, this last point is just based on my experience, so it may be totally wrong.
Lastly this ban's biggest thing is that no one is sure how Nintendo detects or enforces this ban, a 800+ (or something) topic on this yielded mixed results, there is the idea that disabling spot-pass and other internet options makes it less likely for you to get banned, but to be honest the targets seem to be totally random. Luckily for us the ban have stopped for now, but you never know when they would start to ban consoles again, my idea is that if you have CFW you are already marked, but you could try to hide it somehow. It is also advised to not uninstall your CFW once installed as you'd still be marked, but with less tools to fight the ban once it happens.
NNID ban
This one is one ban I haven't experienced myself, because it's kinda harder to get, basically it's given to you if you are detected to be playing online on a major release (examples so far have been Pokemon games and Fire Emblem) before the release date. This ban is much more severe, (and I'm unsure if it's even an NNID ban) from what I understand is that it prevents you from accessing all online capabilities and can't be lifted, supposedly there are a couple of users who know how, but I don't think they've ever shared it publicly. To avoid this ban just don't play major titles before release or if you really want to, do it while off-line, but still, it's a bit risky.
Game Specific bans
This last one is a bit weird because I've heard some reports of it but never seen it explicitly differentiated from the others, my understanding is that it only bans you from a single game (Pokemon and Monster Hunter are the only ones I know it could happen) when cheating is detected, but I've never seen it happen, I also don't know how to lift it.
And those are it pretty much as far as I know, there is no fool-proof way of preventing bans that we know of, and not using internet connections is kinda like banning yourself, my advice is not to worry too much about it, it's pretty easy to lift as long as it's the LFC seed ban. Hope this was helpful.