Almost every business owner believes they are backed up. A worrying number find out, on the worst possible day, that they were not - the backup had silently failed months ago, or it was sitting on a drive the ransomware also encrypted. Backing up properly is not about buying one clever gadget; it is a simple, repeatable habit built on one well-known rule. Here is how to set it up so that when something goes wrong - and eventually it will - you recover in hours, not weeks, and not never.
First, decide what you are actually protecting
Before choosing any tool, list what would genuinely hurt to lose. It is rarely everything equally. Most firms have a small core of data that is the business - and a lot of replaceable noise around it.
Walk through where your important data actually lives: accounting and payroll, customer records and your CRM, email, shared files, any line-of-business or industry app, and the configurations that would take days to rebuild. A common and dangerous blind spot is assuming Microsoft 365 or Google Workspace backs itself up. It does not protect you from deletion, ransomware or a rogue account - that is your job, and we explain why in this guide to what Microsoft 365 does and does not include.
Live by the 3-2-1 rule
There is one rule that has protected data for decades, and it still holds. Keep three copies of your data, on two different types of media, with one copy kept off-site. It is deliberately simple, and every good backup plan is just a way of satisfying it.
Three copies means the original plus two backups, so a single failure never leaves you exposed. Two types of media means not having both backups on the same kind of device that could fail the same way. One off-site copy means a fire, flood or theft at your premises cannot take the original and every backup at once. We unpack each part in the 3-2-1 backup rule explained - this article is how to put it into practice.
Build the three layers in practice
For most UK small and mid-sized firms, satisfying 3-2-1 looks like three practical layers working together, each covering a different kind of disaster.
- A local backup: a network drive or backup appliance on-site, so a deleted file or a dead laptop is restored in minutes, not hours.
- An off-site / cloud backup: an automatic copy sent off your premises every day, so a fire, flood or theft cannot wipe out everything.
- An immutable copy: a backup that cannot be altered or deleted once written - even by an administrator or by ransomware. This is the layer that defeats modern attacks, and we cover it in what an immutable backup is.
Know your two recovery numbers
Backups exist to be restored, so the questions that matter are about recovery, not storage. Two numbers turn a vague 'we back up' into a plan you can actually trust.
The first is how much data you can afford to lose, measured in time - if your last good backup is from last night, a mid-afternoon disaster costs you a day's work. Backing up more often shrinks that gap. The second is how long you can afford to be down before the loss becomes serious. A shop's till system and a quarterly report tolerate very different answers. Decide both for your key systems, and let them drive how often you back up and how fast a restore needs to be. The deeper version of this planning is a full disaster-recovery conversation, which our backup and disaster recovery team handles.
Remember: RAID and sync are not backups
Two things constantly get mistaken for backups and will let you down. The first is RAID - the redundancy in a server or NAS that lets it survive a failed disk. It protects against hardware failure, not against deletion, corruption or ransomware, all of which it will faithfully copy. We spell this out in why RAID is not a backup.
The second is file sync - OneDrive, Dropbox, Google Drive. Sync mirrors your files everywhere instantly, which sounds like safety until you realise it also instantly mirrors a deletion or an encryption across every device. A true backup keeps separate, point-in-time copies you can roll back to. Sync and RAID are useful; neither is a substitute for the three layers above.
Test it, or you do not have it
An untested backup is a hope, not a plan. The most common and most painful failure is discovering during a real incident that the backups have been silently failing for months, or that nobody knows how to restore from them. Both are entirely avoidable.
So make testing a routine: actually restore a file, and occasionally a whole system, on a schedule - not for the first time in a crisis. Check that alerts reach a human when a backup job fails, and that someone owns acting on them. Get this habit right and a ransomware hit, a flood, or a fat-fingered deletion becomes an inconvenience you recover from calmly - which is exactly the outcome that protects a business when, as our guide to ransomware for UK businesses makes clear, the alternative is paying criminals or closing the doors.
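The restore test and the first recovery number described above, as an added Python example that is not from the original article or from any backup product: it compares a test restore against the live folder by SHA-256 and flags a newest backup that is older than the data loss you decided to tolerate. The file names, folder layout and 24-hour limit are constructed sample values.

```python
import hashlib
import tempfile
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_restore(source: Path, restored: Path) -> dict:
    """Compare a test restore against the live data, file by file."""
    report = {"ok": [], "missing": [], "mismatch": []}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        copy = restored / rel
        if not copy.is_file():
            status = "missing"
        else:
            status = "ok" if sha256_of(copy) == sha256_of(src) else "mismatch"
        report[status].append(rel.as_posix())
    return report


def backup_is_stale(backup: Path, max_loss_hours: float, now=None) -> bool:
    """True when the newest backup is older than the data loss you accept."""
    now = time.time() if now is None else now
    return now - backup.stat().st_mtime > max_loss_hours * 3600


def demo():
    """Constructed sample: a live folder, a flawed restore, an old archive."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        live.mkdir()
        restored.mkdir()
        (live / "ledger.csv").write_text("invoice,amount\n1001,250.00\n")
        (live / "customers.csv").write_text("id,name\n1,Example Ltd\n")
        (live / "payroll.csv").write_text("employee,net\nA,1800\n")
        (restored / "ledger.csv").write_text("invoice,amount\n1001,250.00\n")
        (restored / "customers.csv").write_text("id,name\n")  # truncated
        archive = Path(tmp, "nightly.bak")
        archive.write_bytes(b"constructed placeholder archive")
        in_two_days = time.time() + 48 * 3600  # pretend 48 hours have passed
        return verify_restore(live, restored), backup_is_stale(archive, 24, in_two_days)
```

Calling `demo()` returns the restore report and the staleness flag; anything listed under `missing` or `mismatch`, or a stale flag, is the signal that should reach a named person.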