Backup & Recovery

A good backup is the best protection against ransomware, accidental deletion, hardware failure, and theft. Many small businesses discover their backups don't work when they need them most — test yours before that happens.

The 3-2-1 backup rule

The 3-2-1 rule is the industry standard for backup strategy. It ensures no single event can destroy all copies of your data.

  • 3 copies of your data — the original plus two backups.
  • 2 different storage types — such as a local drive and cloud storage.
  • 1 copy offsite — so a fire, flood, or theft affecting your premises doesn't destroy everything.
  • For ransomware protection, ensure at least one copy is "air-gapped" — not connected to your network.

What to back up

Prioritise the data that would be most costly or disruptive to lose. Not everything needs to be backed up — focus on what matters most to your business.

  • Customer records, contacts, and communication history.
  • Financial data, invoices, and accounting records.
  • Business documents, contracts, and proposals.
  • Website files and databases if you manage your own hosting.
  • Email — especially if you use a local email client rather than webmail.
  • Software licence keys and configuration files.

Test your backups regularly

A backup that hasn't been tested is just a hope. Many businesses discover their backup process was broken — or the files were corrupted — only when they try to restore after an incident.

  • Restore a sample of files from your backup at least quarterly to confirm it works.
  • Test a full system restore at least once a year — ideally to a spare device.
  • Document your recovery procedure step by step so anyone in your team could follow it.
  • Check that backup jobs are completing successfully — many tools send alerts when they fail.
  • Verify that the backup includes recent data — an outdated backup has limited value.
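
One way to script the sample-restore and freshness checks from the list above. This is an added example, not part of the original guidance. It assumes you have restored a sample folder to a separate location, that your restore tool preserves file modification times, and that seven days is an acceptable age; the function names and the threshold are illustrative.

```python
import hashlib
import tempfile
import time
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_restore(source_dir, restored_dir, max_age_days=7, now=None):
    """Compare a restored sample with the live copy of the same folder.

    missing: files the restore did not bring back
    changed: restored content differs (corruption, or an edit made after the backup ran)
    stale:   newest restored file is older than max_age_days
             (assumes the restore tool preserves modification times)
    """
    source_dir, restored_dir = Path(source_dir), Path(restored_dir)
    now = time.time() if now is None else now
    missing, changed, newest = [], [], None
    for src in sorted(p for p in source_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(source_dir)
        dst = restored_dir / rel
        if not dst.is_file():
            missing.append(rel.as_posix())
            continue
        mtime = dst.stat().st_mtime
        newest = mtime if newest is None else max(newest, mtime)
        if sha256_of(src) != sha256_of(dst):
            changed.append(rel.as_posix())
    stale = newest is None or now - newest > max_age_days * 86400
    return {"missing": missing, "changed": changed, "stale": stale}


if __name__ == "__main__":
    # Constructed sample: a "live" folder and a "restored" folder with one gap.
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for d in (live, restored):
            d.mkdir()
        (live / "invoices.csv").write_text("id,total\n1,100\n")
        (live / "contacts.csv").write_text("name\nAda\n")
        (restored / "invoices.csv").write_text("id,total\n1,100\n")
        print(verify_restore(live, restored))
```

A file listed under "changed" is not always corruption: check whether it was edited after the backup ran before treating it as a failure.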

Cloud vs. local backup

Both cloud and local backup have advantages. The right approach for most small businesses is to use both.

  • Cloud backup protects against physical damage, theft, and fire at your premises.
  • Local backup allows faster recovery — restoring 500 GB from a local drive is much quicker than downloading it.
  • Cloud storage (OneDrive, Google Drive, Dropbox) is not a backup — if you delete or overwrite a file, the change syncs everywhere.
  • Dedicated cloud backup services maintain version history and deleted file recovery for a defined period.
  • Consider data sovereignty — some cloud providers store data outside the UK. Check this if you hold sensitive customer data.

After a data loss incident

Knowing what to do in the event of data loss — whether from ransomware, hardware failure, or accident — helps you respond calmly and recover faster.

  • Isolate affected systems immediately to prevent spread — disconnect from the network.
  • Don't pay ransoms if you can restore from backup — payment funds criminal activity and doesn't guarantee recovery.
  • Report ransomware and significant data breaches to the NCSC and, if personal data is involved, to the ICO.
  • Use a clean system to access your backups — don't restore to a potentially compromised machine without wiping it first.
  • Review what happened after recovery so you can prevent recurrence.
