10 Best Practices for Small Business Backup

Nov 21, 2019 | Business Continuity

Deploying a small business backup solution is the most important step to preventing data loss from ransomware, cyberattacks, accidental file deletion and other threats. But if you’re not backing up your data properly, recovering it can be a lot more challenging and costly.

Small businesses need to consider:

  • How often do we back up our data?
  • Where and how are the backups stored?
  • Which recovery methods should we use?
  • How long should we retain old backups?


While the answers to these questions will depend partly on the unique needs of the business, there are some general guidelines that every company should follow.

Use the following best practices for small business backup to ensure that your data is adequately protected and quickly recoverable during a disaster.


1) Start with a backup strategy

The single best practice for data backup is creating a detailed plan that outlines your company’s specific objectives. This is often included within a business continuity plan (BCP) or disaster recovery plan (DRP).

Statistics show that businesses without a disaster recovery plan are far more likely to shutter after a disaster. Despite this, FEMA says that 1 in 5 companies spend zero time on a DRP.

Before you’re even able to answer the questions listed above, such as backup frequency and infrastructure needs, you need to consider:

  • Risks of various data-loss events (ransomware, etc.)
  • Impact of those events on various operations (productivity, financial losses, etc.)
  • Objectives for restoring data quickly enough to lessen the brunt of that impact (recovery point objectives, recovery time objectives, etc.)

Remember, the recommended practices below are just a framework. Only you can determine the appropriate backup strategy for your business, which is why it’s so important to develop a detailed plan prior to deployment.


2) Aim for business continuity

Be wary of lightweight backup solutions that merely replicate your data to an external drive or a cloud folder. Similarly, cloud-based file-sharing applications like Google Backup & Sync should not be used for small business backup (and they’re not intended to be).

As you compare your options, stick to solutions that provide business continuity – meaning they help to keep your business running after a disaster.

What’s the difference?

A mere backup of your files will be useless if all your applications, and the operating systems they run on, are infected by ransomware. Or, if it takes days to restore data from a backup, then it could be too late.

Business continuity and disaster recovery solutions (BC/DR) are designed to provide more robust recovery options, so that critical operations can continue with minimal interruption.


3) Back up data frequently

The more often you back up your data, the less you’ll lose in between recovery points. But just how frequent do your backups need to be?

Today’s BC/DR solutions from providers like Datto can take backups as often as every 5 minutes. That’s a far cry from the old days of overnight and weekend backups – though it doesn’t necessarily mean you actually need to back up every 5 minutes.

If your business uses different kinds of servers, for example, then some will require a higher priority than others. Datto provides the following examples as good practices for a small business backup schedule:

  • Exchange servers: hourly backups
  • Terminal servers: daily backups
  • Auxiliary domain controllers: several backups per week

Specific industries, such as healthcare and finance, may need to back up data more frequently to stay in compliance with regulatory requirements. Similarly, if your business is constantly producing or modifying large amounts of critical data, then you probably don’t want your backups to be more than a few minutes old.


4) Use remote storage

On-site backups are still the go-to for speed. But what if your on-premises infrastructure is destroyed in a fire? If you don’t have another backup off-site, then it’s game over.

Remote backup storage is critical for business continuity. When disasters occur on-site, you cannot afford to lose access to your data. Businesses should keep copies of their backups at a secondary location to ensure they can be retrieved when the worst disasters strike.


  • Backups stored in a private cloud / datacenter
  • Backups stored in a public cloud, e.g. Microsoft Azure or Amazon Web Services
  • Backups stored at a secondary business location

Remote storage should not be used as an alternative for on-site storage. Today’s best small business backup solutions offer hybrid backup protection, which keeps backups on site and in the cloud for the greatest assurance against all disaster scenarios.


5) Retain backups for the long term

This, too, depends on your company’s specific needs. But every company needs to consider how long it should retain its backups before they can be permanently discarded.

Obviously, not every backup needs to be kept forever – however, you’ll want to retain certain backups for months or even years. Banks and healthcare organizations, for example, must comply with strict data retention policies that require them to keep backups for years.

A good BC/DR solution will let you customize the retention of all your backups, so that you have multiple copies of recent backups as well as compressed versions of older backups.

Just for illustrative purposes, here is what an example data retention configuration might look like for a small business using BC/DR solutions from Datto:

  • Local backups: retained for 3 months
    • Intra-daily backups: retained for 7 days
    • Daily backups: retained for 2 weeks
    • Weekly backups: retained for 1 month
    • Monthly backups: retained until local backups are deleted
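
The tiered policy above can be expressed as a pruning plan. The following is an added example, not Datto's implementation or code from the original article; it assumes "1 month" means 30 days and "3 months" means 90 days, and that the newest backup in each day, ISO week or month is the one kept.

```python
from datetime import datetime, timedelta

# Tiers from the article's illustrative policy: (maximum age, bucket key).
# Assumption: "1 month" = 30 days and "3 months" = 90 days.
TIERS = [
    (timedelta(days=7), lambda t: t),                     # intra-daily: keep every backup
    (timedelta(days=14), lambda t: t.date()),             # daily: one per calendar day
    (timedelta(days=30), lambda t: t.isocalendar()[:2]),  # weekly: one per ISO week
    (timedelta(days=90), lambda t: (t.year, t.month)),    # monthly: one per month
]

def plan_retention(backups, now):
    """Return (keep, delete) lists of backup timestamps under the tiered policy."""
    keep, seen = set(), set()
    for ts in sorted(backups, reverse=True):  # newest first, so the newest wins each bucket
        age = now - ts
        for tier_no, (max_age, bucket) in enumerate(TIERS):
            if age <= max_age:
                key = (tier_no, bucket(ts))
                if key not in seen:
                    seen.add(key)
                    keep.add(ts)
                break
        # A backup older than every tier matches nothing and is left for deletion.
    return sorted(keep), sorted(set(backups) - keep)

def sample_backups(now):
    """Constructed sample: one backup every 6 hours over the past 120 days."""
    return [now - timedelta(hours=6 * i) for i in range(120 * 4)]

if __name__ == "__main__":
    now = datetime(2019, 11, 21, 12, 0)
    keep, delete = plan_retention(sample_backups(now), now)
    print(f"keep {len(keep)} backups, delete {len(delete)}")
    print("oldest retained:", keep[0])
```

Running the plan in report-only mode before deleting anything shows how many recovery points each tier actually leaves you.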


As a rule of thumb, retain backups for the long term, as long as it remains reasonable to do so. Providers like Datto have begun offering “infinite cloud retention,” which allows companies to store unlimited backups in the cloud with no time restriction.


6) Backups should not allow inbound Internet access

When a backup device is improperly connected to the Internet, it becomes far more susceptible to cyberattack. If your backups are infected with malware or encrypted by ransomware, then what good are they?

While a backup device will need to be able to transmit data to the cloud, it should not allow any inbound communication. The device should be deployed in a secure LAN environment and even the outbound communications should be limited to only those that are needed for the device to perform the cloud backups. All other communications should be denied.


7) Encrypt backups

In the event that your backups somehow end up in the wrong hands, you want to be sure that the data is inaccessible. This is important for every industry, but it’s an especially critical priority for sectors like healthcare, where HIPAA guidelines require added security measures to protect sensitive patient data.

When possible, backups should be encrypted while both in transit and at rest. This means the data remains encrypted as it’s uploaded to the cloud, as well as when it’s stored on the backup device and/or datacenter.

AES-256 and SSL key-based encryption are recommended, as they are generally considered to be unbreakable.


8) Test backups regularly

Just because you have a backup doesn’t mean it can be restored. Traditional incremental backups are notorious for data corruption, due to the way errors occur in the backup chain as each new incremental is added.

BC/DR providers have developed new backup processes that minimize these risks, such as Datto’s Inverse Chain Technology. Still, you need to be sure your backup will be viable when you need it.

Backups should be tested regularly to ensure they can be restored. Ideally, your backup system should have an automated process that validates each new backup automatically and alerts you if there are any issues.
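
A minimal form of automated validation is to record a SHA-256 manifest when the backup is taken and compare a test restore against it. This is an added example, not part of the original article or any vendor's verification process; the file names and contents are constructed, and files are read whole, which suits a demonstration rather than very large images.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def verify_restore(manifest, restored_root):
    """Compare a test restore with the backup-time manifest; list problems by type."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "corrupt": sorted(f for f in manifest
                          if f in restored and restored[f] != manifest[f]),
        "unexpected": sorted(set(restored) - set(manifest)),
    }

def demo():
    """Constructed sample: back up three files, then damage the test restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp, "source"), Path(tmp, "restored")
        (src / "db").mkdir(parents=True)
        (src / "db" / "orders.sqlite").write_bytes(b"constructed database bytes")
        (src / "payroll.csv").write_text("id,amount\n1,100\n")
        (src / "notes.txt").write_text("constructed sample\n")
        manifest = build_manifest(src)           # recorded when the backup is taken
        shutil.copytree(src, restored)           # stands in for a test restore
        clean = verify_restore(manifest, restored)
        (restored / "payroll.csv").write_text("id,amount\n1,999\n")  # silent corruption
        (restored / "notes.txt").unlink()                            # file lost in the chain
        return clean, verify_restore(manifest, restored)

if __name__ == "__main__":
    clean, damaged = demo()
    print("clean restore:", clean)
    print("damaged restore:", damaged)
```

Any non-empty list in the result is the condition to alert on; files reported as unexpected deserve the same attention as missing or corrupt ones.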


9) Restore data according to the disaster

A good backup solution will offer numerous ways to restore data, based on the situation. You should not need to do a full backup restore just because a single critical folder has gone missing.

For individual files and folders, a file-level recovery will be the fastest and most efficient way to restore the lost data.

For more extensive data loss, you’ll probably want to roll back to the most recent recovery point, or use more precise restore options like Datto’s Rapid Rollback, which restores only the files that have changed since the last backup.

In cases where a protected machine is no longer bootable, a bare metal restore may be in order.

Choosing the appropriate recovery option is key to minimizing the impact of the disruption and getting lost data back as quickly and efficiently as possible.


10) Use backup virtualization while the recovery is underway

On leading BC/DR systems, virtualizing a backup typically takes just seconds, giving you near instant access to your protected machines, including the data, applications and operating systems.

In a catastrophic disaster, in which the data recovery will take some time, backup virtualization is an essential tool. It allows your teams to continue using the critical systems that your business runs on. It provides continuity through the disruption, ensuring that essential operations are minimally disrupted.


Get expert advice

Learn more about the best strategies and solutions for small business backup. Request a free demo of leading disaster recovery systems or contact our business continuity experts at Invenio IT. Call (646) 395-1170 or email success@invenioIT.com.


Tracy Rock is the Director of Marketing at Invenio IT. Tracy is responsible for all media-related initiatives as well as external communications—including branding, public relations, promotions, advertising and social media. She is one busy lady and we are lucky to have her!