Data loss can happen to any business at any time. A server crash, a ransomware attack, an accidental deletion, or even a flood at your office can destroy years of business data in minutes. The businesses that survive these events are the ones with reliable backups.
This guide covers backup best practices that protect your business without overcomplicating your IT operations.
The 3-2-1 Backup Rule
The gold standard for data protection is the 3-2-1 rule:
- 3 copies of your data (1 primary + 2 backups)
- 2 different storage types (e.g., local disk + cloud)
- 1 copy stored offsite (away from your primary location)
This ensures that no single event — hardware failure, fire, ransomware — can destroy all your copies.
What to Back Up
Many businesses back up their files but forget other critical data. Your backup plan should cover:
Must back up:
- Business documents and files
- Email data and archives
- Database contents (customer records, orders, inventory)
- Website files and database
- Financial records and accounting data
- Employee records
- Configuration files and settings
Often overlooked:
- Browser bookmarks and saved passwords
- Software license keys
- Custom templates and macros
- Chat history (if business-critical)
- CCTV footage (if stored digitally)
Backup Types Explained
Full backup: Copies everything. Takes the most time and storage but is simplest to restore from.
Incremental backup: Only copies what changed since the last backup. Fast and storage-efficient, but restoration requires all incremental copies.
Differential backup: Copies everything changed since the last full backup. Faster restoration than incremental, uses more storage.
Recommended approach: Run a full backup weekly, with incremental or differential backups daily. This balances storage costs, backup speed, and recovery time.
Where to Store Backups
Local Backup (External Drive or NAS)
Pros: Fast backup and restore, no internet needed, one-time hardware cost.
Cons: Vulnerable to physical damage, theft, and ransomware if connected to the network.
Best for: Quick recovery of individual files and recent data.
Tip: Keep the backup drive disconnected from the network when not actively backing up. Ransomware can encrypt connected backup drives.
Cloud Backup
Pros: Offsite by default, automatic, scalable, survives physical disasters.
Cons: Requires internet bandwidth, ongoing subscription cost, initial upload can be slow.
Best for: Offsite redundancy, disaster recovery, businesses without a second physical location.
Providers to consider:
- Google Workspace (if you already use it for email)
- Microsoft 365 (OneDrive + SharePoint)
- Backblaze B2 (affordable for large volumes)
- AWS S3 Glacier (for archival data)
Hybrid (Local + Cloud)
Best of both worlds: Local backup for fast recovery, cloud backup for disaster recovery. This is the recommended approach for most businesses.
Backup Frequency
How often you back up depends on how much data you can afford to lose:
| Data Type | Recommended Frequency |
|---|---|
| Databases and transactional data | Every 1-4 hours |
| Business files and documents | Daily |
| Daily | |
| Website content | Daily |
| Configuration and settings | Weekly |
| Archives and old projects | Monthly |
Testing Your Backups
A backup you have never tested is not a backup you can trust. Schedule regular restore tests:
- Monthly: Restore a random file from backup and verify it is intact
- Quarterly: Perform a full system restore on a test machine
- Annually: Conduct a full disaster recovery drill — simulate a major failure and recover from scratch
Document the results. If a restore test fails, fix the backup process immediately.
Protecting Backups from Ransomware
Ransomware specifically targets backups to prevent recovery. Protect yours with:
- Air-gapped backups: At least one backup copy disconnected from the network
- Immutable storage: Cloud storage with versioning and immutability enabled (e.g., AWS S3 Object Lock)
- Separate credentials: Backup accounts use different passwords from admin accounts
- Monitoring: Alerts for unusual backup activity (large deletions, encryption of backup files)
Backup for Remote Teams
If your team works remotely, their local files are at risk if their laptop fails or is stolen.
- Require all work to be saved to cloud storage (Google Drive, OneDrive, or Dropbox)
- Enable laptop backup through your MSP or a tool like CrashPlan
- Ensure remote workers’ devices are encrypted
- Have a clear process for lost or stolen devices
Recovery Time Objectives
Two metrics define your backup strategy:
- RPO (Recovery Point Objective): How much data can you afford to lose? If your RPO is 4 hours, you need backups at least every 4 hours.
- RTO (Recovery Time Objective): How quickly do you need to be back online? If your RTO is 2 hours, you need fast recovery options (not just cloud archives).
Define these for each system in your business and design your backup strategy to meet them.
Get a Backup Assessment
Not sure if your current backup setup is sufficient? Contact 24Bit System for a backup and disaster recovery assessment. We help businesses design, implement, and test backup strategies that actually work when you need them.
