A Nottingham-based marketing agency arrived at their office one Monday morning to discover their server was encrypted. A ransomware attack over the weekend had locked all their files — client campaigns, financial records, five years of creative work. The attackers demanded £15,000 for the decryption key.

The agency had backups. Or rather, they thought they did. The backup system had been silently failing for three months, and no one had noticed. They paid the ransom. The decryption key didn’t work properly, and they lost 40% of their data anyway. The business nearly folded.

Six months earlier, a Manchester accountancy firm experienced a similar attack. They also had backups — properly configured, regularly tested ones. They told the attackers to get lost, restored from backup, and were fully operational within 24 hours. Total cost: zero, aside from half a day of inconvenience.

The difference? One business treated backups as a checkbox they’d ticked years ago. The other treated them as the critical insurance policy they are.

Why Backups Matter More Than Ever

Data is the lifeblood of modern businesses. Customer information, financial records, intellectual property, operational data — lose it, and you may lose your business.

The Threats Are Real and Growing

Ransomware attacks are increasingly common:

• UK businesses face an average of 65 ransomware attacks per second
• Small businesses are particular targets (easier to compromise than enterprises)
• Average ransom demands have increased to over £100,000
• Paying doesn’t guarantee data recovery (around 40% don’t get their data back even after paying)

Hardware fails eventually:

• All storage devices have limited lifespans
• Hard drives typically last 3-5 years
• SSDs can fail suddenly with no warning
• Server failures often happen at the worst possible times

Human error is inevitable:

• Accidental file deletion
• Overwriting important documents
• Misconfigured systems that corrupt data
• Staff mistakes during updates or migrations

Other risks include:

• Fire, flood, or other physical disasters
• Theft of devices containing business data
• Malicious insiders or disgruntled employees
• Software bugs that corrupt databases
• Cyber attacks beyond ransomware (data wiping, sabotage)

The Cost of Data Loss

When businesses lose critical data, the impacts are severe:

Immediate costs:

• Lost revenue during downtime (average: £3,500 per hour for small businesses)
• Emergency IT support and data recovery attempts
• Potential ransom payments
• Recreating lost work and data

Long-term consequences:

• Customer trust and reputation damage
• Regulatory fines (GDPR requires data protection)
• Lost contracts and business opportunities
• Potential legal liability
• Insurance premium increases

According to various studies, 60% of small businesses that lose their data close within six months. That’s not just a statistic — that’s businesses like yours that simply couldn’t recover from catastrophic data loss.

“Backups aren’t an IT consideration — they’re a business survival strategy. The question isn’t whether you can afford good backups, but whether you can afford to be without them.”

The 3-2-1 Backup Rule

The gold standard for backup strategies is deceptively simple: 3-2-1.

What It Means

3 copies of your data:

• The original (your working data)
• Two backups (so you’re protected even if one backup fails)

2 different media types:

• Don’t store all copies on the same type of storage
• Example: One on external hard drives, one on cloud storage
• Protects against media-specific failures

1 copy offsite:

• At least one backup must be physically separate from your location
• Protects against fire, flood, theft, or local disasters
• Cloud storage naturally fulfils this requirement

Why This Rule Works

Redundancy protects against single points of failure:

• If your primary system fails, you have two backups
• If one backup is corrupted or fails, you have another
• Multiple copies mean multiple chances to recover

Different media protects against systemic issues:

• Ransomware might encrypt your server and attached backup drives
• But cloud backups remain unaffected
• Hardware failure of one drive doesn’t affect the other

Offsite protection guards against local disasters:

• Fire destroys your office and any backups stored there
• Offsite backups remain safe and accessible
• You can recover and continue operating from a different location

A Real Example

A Bristol web design studio implemented 3-2-1 backups:

• Copy 1: Working files on their main computers and server (original)
• Copy 2: Nightly automated backups to a NAS (Network Attached Storage) device in their office
• Copy 3: Daily cloud backups to a secure storage service

When ransomware hit their network, it encrypted the computers and server. The NAS was also encrypted because it was connected to the network. But the cloud backups, stored offsite and isolated from their network, were untouched. They restored everything and were working again the same day.

The 3-2-1 rule saved them from disaster.

Types of Backup Solutions

Understanding your options helps you choose the right approach for your business.

Local Backups

What they are: Backups stored on physical devices at your location — external hard drives, NAS devices, or local backup servers.

Advantages:

• Fast backup and restore speeds (no internet upload/download)
• Complete control over your data
• No ongoing cloud storage costs
• No dependence on internet connection for restores

Disadvantages:

• Vulnerable to local disasters (fire, flood, theft)
• Requires physical security and proper storage
• Manual intervention often needed
• No protection if ransomware spreads to backup devices

Best for: Part of a 3-2-1 strategy, not as your only backup.

Implementation tips:

• Use automated backup software, not manual copying
• Store external drives in fireproof safes when not in use
• Rotate multiple drives (use Monday drive, Tuesday drive, etc.)
• Keep backup devices disconnected when not actively backing up

Cloud Backups

What they are: Data backed up to remote servers via the internet, managed by cloud storage providers.

Advantages:

• Automatically offsite (disaster protection)
• Professional infrastructure and redundancy
• Accessible from anywhere
• Versioning and point-in-time recovery
• Scalable (easily add more storage as needed)
• Protected from local ransomware attacks

Disadvantages:

• Ongoing subscription costs
• Restore speed dependent on internet connection
• Data stored with third party (trust and compliance considerations)
• Initial backup can take time for large datasets

Best for: Critical offsite backup component of 3-2-1 strategy.

Popular options:

• Backblaze: Unlimited computer backup for fixed monthly fee
• Acronis Cyber Protect: Comprehensive backup with ransomware protection
• Microsoft 365/Google Workspace: Built-in cloud storage and backup features
• AWS S3/Azure Blob Storage: Flexible cloud storage for custom backup solutions

Implementation tips:

• Enable encryption for data in transit and at rest
• Configure automatic, scheduled backups
• Monitor backup success/failure notifications
• Understand data location (UK/EU for GDPR compliance)

Hybrid Backups

What they are: Combination of local and cloud backups, typically with local for speed and cloud for security.

Advantages:

• Fast local restores for common scenarios (accidental deletion, small failures)
• Cloud protection against major disasters
• Best of both approaches
• Comprehensive protection

Disadvantages:

• Higher total cost (local infrastructure plus cloud subscription)
• More complex to configure and maintain
• Requires management of multiple systems

Best for: Businesses serious about data protection and requiring both speed and security.

Typical setup:

• Continuous or hourly backups to local NAS
• Daily backups to cloud storage
• Local backups provide fast recovery for routine issues
• Cloud backups provide disaster recovery capability

Backup Software vs Manual Backups

Manual backups (copying files to external drives) are better than nothing, but they:

• Rely on someone remembering to do it
• Are inconsistent and incomplete
• Don’t include system configurations or databases
• Can’t easily recover to specific points in time

Automated backup software ensures:

• Consistent, scheduled backups without human intervention
• Complete system images, not just files
• Versioning (keep multiple historical versions)
• Easy restoration processes
• Verification and error alerts

Investment in proper backup software pays for itself the first time you need it.

What to Back Up

Not all data is equally critical. Prioritise properly:

Essential (Must Backup)

Business-critical files:

• Customer and client data
• Financial records and accounts
• Contracts and legal documents
• Intellectual property
• Active project files

System configurations:

• Server and network configurations
• Application settings
• Database structures
• User accounts and permissions

Communication data:

• Email archives
• Important correspondence
• Recorded meetings and calls (if applicable)

Important (Should Backup)

Operational data:

• Templates and standard documents
• Marketing materials and branding assets
• Training materials and documentation
• Historical projects and archives

Applications and software:

• Custom or configured software
• Licenses and activation keys
• Installation files for critical apps

Lower Priority (Nice to Backup)

General files:

• Easily recreated documents
• Downloaded files available online
• Temporary or cache files
• Personal files (though staff should back these up personally)

What Not to Back Up

Some data doesn’t need backing up:

• Operating system files (can be reinstalled)
• Application binaries (can be reinstalled)
• Temporary files and caches
• Truly disposable data

Focus backup resources on irreplaceable or business-critical data.

Backup Frequency: How Often Is Enough?

The right backup frequency depends on how much data you can afford to lose.

Ask Yourself: What’s Acceptable Data Loss?

Scenario: Your system fails at 3pm on Wednesday. Your last backup was Sunday night. You lose two and a half days of work.

Can your business accept that? If not, you need more frequent backups.

Recommended Frequencies

Critical, frequently changing data:

• Continuous or hourly backups
• Examples: Point-of-sale systems, actively used databases, CRM systems
• Local backups can be very frequent (every hour or even continuous)

Important, daily-changing data:

• Daily backups (typically overnight)
• Examples: General business files, documents, emails
• Most businesses should have at least daily backups

Less critical or static data:

• Weekly backups may suffice
• Examples: Archived projects, reference materials
• Can use less frequent cloud backups to save costs

System configurations:

• Backup after any changes
• Also include in regular daily/weekly backups
• Critical for quick recovery

Real-World Example

A Leeds-based online retailer configured their backups as:

• Every 4 hours: Database backups (order and customer data)
• Nightly: Full server backups to local NAS
• Daily: Cloud backups of critical databases and configurations
• Weekly: Complete system images to cloud storage

When a database corruption occurred on Thursday afternoon, they lost only two hours of data (4-hour backup interval). Restoring from the most recent backup meant minimal disruption — a few orders needed re-entering, but customers were barely affected.

With only daily backups, they would have lost 14 hours of orders — potentially hundreds of sales and significant customer dissatisfaction.

Testing Your Backups: The Critical Step Everyone Skips

Here’s an uncomfortable truth: An untested backup is not a backup — it’s a hope.

Why Testing Matters

Backups fail for many reasons:

• Configuration errors (backing up wrong locations)
• Corruption (backup files damaged or incomplete)
• Software bugs
• Insufficient storage space
• Permission issues preventing proper backup
• Encryption key problems
• Compatibility issues during restore

You discover these issues when testing backups — or when trying to restore during an emergency. Which situation would you prefer?

The Backup Testing Reality

A Cornwall-based solicitor’s office discovered their backup system had been failing for eight months — when they needed to restore files after a server crash. Eight months of client work, completely unrecoverable. The firm faced professional indemnity claims and nearly went under.

The tragedy? A simple monthly test restore would have revealed the problem immediately.

How to Test Backups Properly

Monthly test restores:

• Pick a random sample of backed-up files
• Actually restore them to a test location
• Verify the files open correctly and aren’t corrupted
• Document the test (date, what was tested, result)

Quarterly disaster recovery drills:

• Simulate a complete system failure
• Practice full system restore process
• Time how long it takes
• Identify any issues or missing documentation
• Update disaster recovery procedures based on findings

Annual full recovery test:

• Restore an entire system to different hardware (or virtual machine)
• Verify everything works (applications, data, configurations)
• Ensure team members know the recovery process
• Test whether documentation is clear and complete

Automated verification:

• Many backup systems can automatically verify backup integrity
• Enable these checks and monitor the results
• Don’t ignore verification warnings

Monitor backup logs:

• Review backup success/failure reports regularly
• Investigate any failures or warnings immediately
• Ensure notification emails aren’t being ignored

Make Testing Part of Your Routine

Schedule it like any other maintenance:

• Add test restores to monthly operations calendar
• Assign responsibility to specific team member
• Include testing in IT support contracts if outsourced
• Document procedures so anyone can perform tests

The few hours spent testing backups each year are nothing compared to the weeks (or months) spent recovering from data loss when untested backups fail.

Backup Retention: How Long to Keep Backups

You need both recent backups (for quick recovery) and historical backups (for longer-term recovery scenarios).

Typical Retention Policies

Daily backups:

• Keep for 7-30 days
• Provides short-term recovery for recent changes
• Catches issues discovered quickly

Weekly backups:

• Keep for 1-3 months
• Provides medium-term recovery
• Useful for issues discovered later

Monthly backups:

• Keep for 6-12 months
• Long-term recovery and compliance
• Historical reference if needed

Annual backups:

• Keep for 3-7 years (depending on legal requirements)
• Compliance and legal protection
• Very long-term historical reference

Considerations

Legal and regulatory requirements:

• GDPR requires data protection but also deletion when no longer needed
• Financial records may need retention for 6 years (HMRC requirement)
• Industry-specific regulations may mandate retention periods
• Balance compliance requirements with backup storage costs

Storage costs:

• Longer retention requires more storage space
• Cloud storage costs accumulate
• Consider lifecycle policies (move old backups to cheaper “archive” storage)

Ransomware considerations:

• Keep at least one backup that’s older than typical ransomware dwell time (30+ days)
• Attackers sometimes lurk in systems for weeks before triggering ransomware
• Recent backups might already be infected or encrypted

The 3-2-1-1-0 Rule: An extension of 3-2-1 adds:

• Another 1: Keep one offline/immutable backup (air-gapped or write-once storage)
• 0: Zero errors in backup verification

This extra offline backup protects against sophisticated ransomware that targets backup systems.

Common Backup Mistakes to Avoid

Learn from others’ expensive errors:

Mistake 1: Backup Devices Connected to Network

The problem: If your backup drive is always connected, ransomware can encrypt it along with everything else.

Solution: Disconnect backup drives when not actively backing up, or use cloud backups that are isolated from your network.

Mistake 2: No Offsite Backup

The problem: All backups in your office burn in a fire along with your computers.

Solution: Always maintain at least one offsite backup (cloud storage naturally provides this).

Mistake 3: Never Testing Restores

The problem: Backups failing silently for months, discovered only when needed.

Solution: Regular test restores, as discussed above.

Mistake 4: Backing Up to the Same Drive

The problem: Backing up your computer to a partition on the same hard drive.

Solution: Backups must be on physically separate storage devices.

Mistake 5: “Set and Forget”

The problem: Configuring backups years ago and never checking them again.

Solution: Regular monitoring, testing, and review of backup systems.

Mistake 6: No Backup Documentation

The problem: Only one person knows how to restore backups; they’re on holiday when disaster strikes.

Solution: Document backup and restore procedures clearly. Multiple people should understand the process.

Mistake 7: Ignoring Cloud Service Backups

The problem: Assuming Microsoft 365 or Google Workspace automatically backup everything indefinitely.

Reality: These services have retention limits and don’t protect against all scenarios. Third-party backup solutions for cloud services are often necessary.

Mistake 8: Inadequate Security

The problem: Unencrypted backups, weak access controls, backup credentials stored insecurely.

Solution: Encrypt backups, secure access, protect backup service credentials like any other critical password.

Mistake 9: Insufficient Retention

The problem: Only keeping backups for a few days, discovering corruption or issues weeks later when all backups contain the problem.

Solution: Maintain longer retention with weekly and monthly backups.

Mistake 10: No Plan for Large Restores

The problem: Cloud backups are great until you need to restore 2TB over a broadband connection (could take weeks).

Solution: Understand restore time expectations. Some cloud services offer physical delivery of restored data on drives for large recoveries.

Choosing the Right Backup Solution

With so many options, how do you decide?

For Individual Computers

Good options:

• Backblaze Computer Backup: Unlimited backup for fixed monthly fee, simple and reliable
• Acronis Cyber Protect Home Office: Comprehensive with ransomware protection
• Built-in solutions: Time Machine (Mac), Windows Backup — better than nothing but consider dedicated solutions

Also backup:

• Cloud service files (Dropbox, Google Drive) — these aren’t backups themselves
• External drives used for storage

For Small Businesses (5-20 employees)

Recommended approach:

• Cloud backup service for all computers (Backblaze Business, Acronis)
• NAS device for local server/file backups
• Cloud backup for server data
• Microsoft 365 or Google Workspace backup solution if using these platforms

Popular NAS brands:

• Synology (excellent software, easy to use)
• QNAP (feature-rich, slightly more complex)
• Both offer built-in backup applications

For Medium Businesses (20-100 employees)

Consider:

• Dedicated backup appliances or servers
• Professional backup software (Veeam, Acronis Cyber Protect)
• Managed backup services from IT providers
• Disaster recovery planning and testing
• Business continuity considerations

For Specific Scenarios

E-commerce sites:

• Frequent database backups (hourly or more)
• Transaction log backups
• Website file backups
• Customer data protection paramount

Creative agencies:

• Large file support (video, design files)
• Fast local backups for active projects
• Long-term archival for completed work
• Version control for creative files

Professional services (accountants, solicitors):

• Compliance-focused retention
• Secure, encrypted backups
• Client confidentiality protection
• Regular testing and documentation

Budget Considerations

Backup costs vary widely:

Basic (individual): £5-10/month for cloud backup Small business: £50-200/month (cloud services + local hardware) Medium business: £500-2,000/month (comprehensive solution with management)

However: Compare this to the cost of data loss (often tens or hundreds of thousands of pounds). Backups are cheap insurance.

How JB Cyber Services Can Help

Whether you need backup strategy guidance, implementation support, or complete managed backup services, we help UK businesses protect their critical data.

Backup Strategy and Planning

We help you design appropriate backup approaches:

• Assess your data and recovery requirements
• Recommend suitable solutions for your budget and needs
• Plan 3-2-1 backup implementation
• Document backup and recovery procedures
• Establish testing schedules and responsibilities

Implementation and Configuration

We can implement backup solutions:

• Configure backup software and systems
• Set up local backup infrastructure (NAS, etc.)
• Implement cloud backup services
• Ensure encryption and security
• Train your team on backup procedures

Managed Backup Services

For businesses wanting comprehensive support:

• Ongoing backup monitoring and management
• Regular test restores and verification
• Quarterly disaster recovery testing
• Backup optimisation and maintenance
• 24/7 monitoring and alerting
• Rapid recovery support when needed

Disaster Recovery Planning

Backups are part of broader disaster recovery:

• Document complete recovery procedures
• Identify critical systems and acceptable downtime
• Establish recovery time objectives (RTO) and recovery point objectives (RPO)
• Plan for various scenarios (ransomware, hardware failure, disasters)
• Test and refine recovery procedures regularly

One-Time Assessments

Not sure about your current backup situation?

• Audit existing backup systems and processes
• Test current backups for reliability
• Identify gaps and vulnerabilities
• Provide clear recommendations
• No ongoing commitment required

Creating Your Backup Action Plan

Ready to improve your backup situation? Here’s your roadmap:

This Week

Assess current state:

• What data do you have and where is it?
• What backups currently exist (if any)?
• When were backups last tested?
• Who is responsible for backups?

Identify critical data:

• What data would be devastating to lose?
• What data changes frequently?
• What are legal retention requirements?

Check backup basics:

• Are computers backing up?
• Is server data backed up?
• Do backups include databases and configurations?
• Is anything backed up offsite?

This Month

Implement quick improvements:

• Enable computer backup services (Backblaze, etc.)
• Purchase and configure a NAS for local backups
• Set up automated cloud backups for critical data
• Document what’s being backed up and where

Test current backups:

• Attempt to restore files from existing backups
• Verify backups aren’t failing silently
• Fix any discovered issues immediately

Establish monitoring:

• Set up backup success/failure notifications
• Assign someone to monitor backup reports
• Create calendar reminders for testing

This Quarter

Move toward 3-2-1:

• Ensure you have local and cloud backups
• Verify offsite backup exists
• Implement versioning and retention policies
• Improve backup frequency for critical data

Create documentation:

• Document backup systems and procedures
• Write clear restore instructions
• Identify who’s responsible for what
• Store documentation somewhere accessible during disasters

Conduct disaster recovery drill:

• Simulate a system failure
• Practice full restore process
• Time how long recovery takes
• Identify and address gaps

Ongoing

Monthly:

• Test restore of sample files
• Review backup success reports
• Verify storage capacity is adequate
• Check that new data is included in backups

Quarterly:

• Disaster recovery drill
• Review and update documentation
• Assess whether backup approach still meets needs
• Consider whether business changes require backup changes

Annually:

• Comprehensive backup system review
• Full system restore test
• Update disaster recovery plan
• Review costs and consider optimisations

Conclusion

Backups are fundamentally insurance — you pay modest ongoing costs to protect against potentially catastrophic losses.

The question isn’t whether you can afford robust backup systems. It’s whether you can afford to be without them when disaster strikes. Because disaster isn’t a question of “if” — it’s “when.”

Hard drives fail. Ransomware strikes. Humans make mistakes. Disasters happen. The only variable is whether you’ll recover quickly and completely, or whether you’ll join the 60% of small businesses that close within six months of major data loss.

The good news: Implementing proper backups doesn’t require enterprise budgets or complex technical knowledge. The 3-2-1 rule provides a clear framework. Modern backup solutions are affordable, automated, and reliable. Testing procedures are straightforward.

The commitment required: Regular attention, not set-and-forget. Monthly testing, monitoring, and verification. Annual reviews and disaster recovery drills. Treating backups as the critical business function they are.

Start today. Not tomorrow, not next week, not after that upcoming project finishes. Every day without proper backups is a day you’re gambling with your business’s survival.

Whether you implement backups yourself or engage professional help, the important thing is having a robust, tested, reliable backup strategy in place. Your future self — the one who avoids a data loss catastrophe — will thank you.

Because the best time to implement proper backups was five years ago. The second-best time is right now.