Our Blog

Backups 101: Best Backup Strategy for Small and Medium Business

Backups 101: Best Backup Strategy for Small and Medium Business

William Palfrey William Palfrey
Updated on March 15, 2024, Post a comment

You hear it all the time. “Make sure you backup your data”.

And yes, you’ll hear it again here.

That’s because backups are important.

In fact, if you only have time to do one thing today, verify that your backups are working – and up to date.


Because your business is likely to fall into one of two categories.

  • Category A: Those that have lost data; or
  • Category B: Those that will.

Data loss happens. A lot. Sometimes it's accidental. Sometimes it’s not. And other times it can be a comedy of errors - but it’s not just four misplaced clicks of your team members' mouse that can cause unintentional data loss.

There are a whole bunch of factors that can have an impact on whether your team, your data – and your business – stay up and running. Or not.

Hardware failures, theft, fire, water leaks and natural disasters are some of the physical threats to your data. But there are incessant cyber threats too. And as much as you don’t like to think that your team members have any malicious intent, it’s not unheard of for relationships to go sour. Fast. Leaving your critical business data exposed - and vulnerable.

But enough of the doom and gloom. Restoring your business from significant data loss is absolutely possible. Easy, almost. But only if you (or your managed IT security provider) put a good backup strategy in place for your small to medium-sized business. Oh, and you actually enforce it - or better yet, automate it.

Here’s how.

3-2-1: A simple backup strategy for small to medium-business

Establishing a useable – and comprehensive business backup plan can be daunting. Complex. And overly technical. But it doesn’t need to be.

Sometimes the simple approach is the most effective. And the 3-2-1 backup strategy for your business doesn’t get much simpler – or more effective. Which is why it forms the core of all our comprehensive business backup solutions.

321 Diagram-min

Following the 3-2-1 backup system means you’ll have 3 copies of your data, 2 of which will be local i.e. in your office, and 1 copy will be stored offsite in a remote location. Here’s how it looks in a little more detail.

Copy #1 (In your office)

This is your live data that your business and team members access day to day.

Copy #2 (Also in your office)

This is a backup of your live data and should be stored on a separate storage device. Common scenarios include storing this backup on a USB Drive, NAS, or local backup server.

Copy #3 (Offsite location)

This is a backup that is safely secured offsite. This means that when disaster strikes, in one of its many forms, you’ll be able to restore your data – and get back to business – fast.

But. There’s a but. Restoring your data from an offsite backup means you need to keep this copy up to date – all the time. Which (we know) doesn’t always happen.

Tell me If this sounds familiar:

  • Your live data sits on your server and is humming away without a problem. Perfect. That’s Copy #1.
  • And you’ve got some sort of storage device, like a NAS (also known as a smallish, boxy-looking thing, with flashing lights and a bunch of hard drives inside), which stores a backup of your live data. Great. That’s Copy #2.
  • Finally, you’ve got a USB drive plugged into this ‘boxy-looking thing’ that stores another backup of your data. Oh, and there’s a convenient little reminder in your calendar that tells you to take the USB drive offsite each night, week, or month. You never snooze. Ever. Excellent - that’s Copy #3 in the bag.

Now, if you’re reading this thinking. “Great. Nailed it. Our current backup strategy seems to meet the 3-2-1 criteria” - because after all, you’ve got 3 copies of your data, right? Then it’s time for a little (honest) self-reflection:

  • Who is responsible to take Copy #3 (That USB Drive) home or to a safe location each night or week?
  • When was the last time they did it?
  • Can you confirm that?
  • In fact, how old is that USB drive?
  • And when was the last time it was rotated?

The truth is, if your off-site backup isn’t actually offsite, not kept up to date or not maintained - no amount of superhero IT wizardry can recover data that isn’t there in the first place.

We know prioritising the logistics of your offsite backup slips off your to-do list when you have a business to run, targets to meet, people to manage, etc. But the good news is, there’s a more convenient, automated and affordable way.

Introducing Cloud Backup Solutions for SMBs

In plain English, a cloud backup is a replication of your critical business data which is typically stored offsite and inside a futuristic-looking and very secure vault full of storage drives and flashing lights - also known as a Datacenter.

321 Cloud Diagram-min

At its most basic level, a cloud backup works by installing the best backup software application on your servers. This software is configured to automatically - and periodically - upload an encrypted copy of your data, via your internet connection, to the data centre for safe and secure storage.

Essentially, this automated solution manages your offsite backup for you, so you don’t have to.

Advantages of Cloud Backup for Businesses


Transitioning your offsite backup to the cloud makes the ongoing management and restoration of your data easy. Enjoyable, even. You choose how often you’d like to back up your offsite data and the cloud does the rest.


Get rid of the manual processes, calendar reminders and risk of human error. In short, it’s just a simple – and reliable - offsite backup that works.

Secure. Physically and Digitally.

Using the cloud means your data will be encrypted before it’s uploaded to a secure data centre for safe keeping.


From data recovery and hardware to logistics and time. Managing your data can be a costly business. But it doesn’t need to be. Cloud backups leverage your existing IT equipment, so you don’t have to fork out expensive hardware.


Enjoy the peace of mind that comes with a fully automated offsite backup solution that just works, even if you’re out of the office.


Your cloud backup isn’t restricted by the size of your hard drives. In fact, it isn’t restricted at all. Scaling your cloud backup to meet the needs of your business is simple, quick and affordable.

What data should I back up?

Everything. I know, it’s not the specific answer you were looking for. But anything and everything that’s critical to the day-to-day running of your business should be backed up. From financial records and inventory databases to CRMs and other essential information, backing up all your data isn’t nice to have.

It’s essential.

It’s easy to think “ah – just back up our server. That should cover it.” But have a think.

  • Is there a legacy database that still gets referenced?
  • Perhaps someone uses an old USB drive to retrieve information occasionally?
  • Are you using virtual servers? Do you have a backup plan in place for these?

It’s a good idea to get across the details of your backups, so you can identify any gaps in your current business backup solutions now before it's too late.

A good place to start is to spend 5 minutes writing a list of every resource that your team uses. And when you’re done, send it to your IT Partner, so they can confirm whether it is being backed up - or not.

Alternatively, you can copy these 7 questions and forward them to your IT Partner, so you can get clear on:

  • Precisely what data you’re backing up
  • What the expectations are for your recovery time in the event of a disaster; and
  • To what point in time you can expect to be restored after a data failure

Oh, and whilst you’re at it. Have your IT Partner confirm the level of security of your backups. i.e. Are your data backups encrypted and at an arm’s length (ie. physically disconnected) from your operational IT systems?

If you’re using Office Solutions IT’s Cloud Backup, you can relax knowing that these boxes are ticked and should a malicious user gain access to your systems, they won’t gain access to your backup data.

Do we need to back up our software subscription data too? (Think Office 365)


If your business is using Software as a Service (SaaS) solutions, such as Microsoft Office 365, your business might be a data loss disaster waiting to happen unless you have a third-party backup strategy in place.

Keep in mind that your Microsoft 365 data (whether it be files on OneDrive, Emails in Outlook, documents in SharePoint, spreadsheets in Excel, etc.) is not stored inside your network.

It’s sitting elsewhere - on one of Microsoft's servers.

And while Microsoft maintains this infrastructure to make sure you can access it all day every day, your data is your responsibility to maintain - not Microsoft's.

Which means it’s a single point of failure and vulnerable to data corruption and malicious activity. That is until you apply the 3-2-1 backup system to this data too. Which a lot of businesses forget. And if you’re in this category, consider Office Solutions IT’s Microsoft 365 Backup, so you can avoid the unnecessary risks of accidental – or intentional – data loss.

When to Back up your data

The regularity with which your backups are scheduled to run will typically be decided after a conversation with your IT Partner. This conversation would aim to determine how quickly you need to recover your data and how far back in time you can recover from. Here's a template you can use that will help you work out what these timeframes are for each of your business applications.

Every business is slightly different and as a result, your business will have a different RPO and RTO requirement than others. Oh, and if your eyes just glazed over at these acronyms. Here’s what they mean.

Recovery Point Objective (RPO)

This refers to a time in the past when you will recover.

Recovery Time Objective (RTO)

This refers to the time in the future at which your business will be up and running again.

RPO vs RTO-min

In a perfect world, your business will have:

  • an RPO that means your business can recover to the very second before a disastrous data loss; and
  • an RTO that means you’ll be back up and running in seconds.

But for most businesses that is not physically or financially possible. The idea here, if you haven’t already done so, is to use this RPO and RTO guide to establish what your business requirements are and schedule that conversation with your IT Manger to determine an RPO and RTO that:

  • you are comfortable with for each area of your business; and
  • sits within your business constraints.

Your data is your business, helping you to look after it, well, that's ours.

Every business is different. Different infrastructure. Different needs and different priorities. Which makes writing a generic article on backups that accounts for all the possible variations difficult.

Having said that, your business should have a comprehensive 3-2-1 backup strategy in place. And our ultimate backup guide for SMBs provides the all-important final piece of this strategy, to make it happen automatically.

If you’re aware of our proactive maintenance service, you’ll know that we routinely audit, test, update, and optimise every aspect of the IT environments we manage.

This includes analysing our historical incident data to identify issues proactively, so we can suggest modifications to improve your IT environment before they cause costly downtime.

And after a recent review of our historical incident data, we’ve seen a significant increase in the un-reliability of offsite backup solutions that require the manual process of:

  • a team member having to swap tapes,
  • rotate USB drives; or
  • action those, often-neglected, notifications to take your backup drive offsite every week.

When your offsite backups are automated, you’re free to focus on looking after your customers and building your business.

There are a bunch of other benefits you’ll receive when transitioning to our new cloud backup solution. But there’s an outcome that stands head and shoulders above the rest. And that’s greater reliability and less risk for your business. Oh, and no more pesky calendar reminders either.


Backup your data before disasters strike

You might not know this but cyber disasters are inevitable no matter how secured your IT is.

So what do you do? Of course, create a backup strategy that will help you save and restore your business data.