Data Protection Tool

Very Simple Tips for a Successful Small Business Backup Strategy

Picture of Dale Shulmistra

Dale Shulmistra

Data Protection Specialist @ Invenio IT


Small Business Backup Strategy

How often should you back up data for your business?This is just one of many important questions that organizations must consider when creating a small business backup strategy. And since each business is unique, every organization will have its own specific recovery needs and objectives.

Simply having a small business backup system is not enough. Without the right backup strategy, you could still risk losing a ton of critical data.

Here are some simple tips for determining the right strategy for your company.

What goes into a small business backup strategy?

Backup frequency is indeed a key aspect of your overall strategy. But there are many other things to consider as well:

1) How often should data backups occur? In general, the more frequent, the better. But does your business really need continuous backup? It all depends on how you use your data.

2) Do certain types of data need to be backed up more frequently? As a rule of thumb, yes. Your most critical data – the files that are vital to your operations – should be the highest priority. Less important (or more static) files likely don’t need to be backed up as often.

3) Where will the backups be stored? On site? In an off-site datacenter? Public or private cloud? Maybe several locations for greater protection?

4) How quickly will the data need to be recovered to prevent a disruption? A key component of your backup strategy will be identifying recovery time objectives for various types of data. This will also help to identify backup systems that are capable of achieving those objectives.

5) What about SaaS data—can that be backed up too? If you’re storing data in cloud-based applications such as Microsoft 365, then you should be backing that up too. But how, and how often?

6) Who will manage the backup and recovery processes? Which team member(s) will be responsible for restoring data from backups when needed? Will a third-party IT provider be needed to assist with this process?

7) How can the backup strategy be improved with company policy?How will you identify and resolve potential gaps in the strategy? Can data-loss events be prevented with certain types of planning, such as user training?

A 360-degree strategy is essential. Inadequate planning in any of these areas will come back to bite you when data loss inevitably occurs.

How data loss destroys small businesses

Let’s take a moment to address why it’s important to have a small business backup strategy in the first place.

  • Data loss happens all the time: Roughly 7 out of 10 businesses experience data loss due to a multitude of reasons: accidental file deletion, hardware failure, malware, cyber
    attacks, natural disasters and others.
  • It’s extremely costly: Data loss from ransomware costs small businesses an average of $100,000 per incident due to the downtime alone.
  • Recovery is challenging: Some research has shown that 60% of small companies that experience data loss shut down within 6 months. Even in cases where the data can eventually be recovered, the operational disruption is so great that many businesses do not survive in the long term.

A good business continuity and disaster recovery (BC/DR) solution is only a first step. With the right backup strategy, businesses can significantly reduce the risk of both data loss and downtime.

Determining your strategy

Creating a good backup strategy is almost impossible without knowing the unique risks to your business. So the very first step should be developing a disaster recovery plan, consisting of a thorough risk assessment and business impact analysis. (If you need help creating one, use this disaster recovery plan template.)

Once you’ve identified your risks, you’ll be able to set two very important objectives that will guide your backup strategy: a recovery point objective (RPO) and a recovery time objective (RTO). Both objectives pertain to how you can recover data from a backup, but there are important distinctions between them:

RPO vs. RTO for small business backup strategy

You need to make sure that your data backup solution is capable of meeting these objectives. Setting an RPO and RTO will help you identify the right technologies for a successful backup strategy.

Best practices for backup frequency

There are no hard and fast rules for how often your data should be backed up. Businesses that handle large volumes of extremely sensitive data need to perform backups every few minutes. Smaller businesses that rely less on data may only need to perform backups once a day.

A good backup solution will allow you to customize the frequency for different types of data. This ensures that your most valuable datasets are backed up more frequently, while more static data can go longer without replication, reducing the load on your systems.

As a general rule of thumb, Datto recommends the following backup frequencies for various server roles and data types:

Server / Data Type Backup Frequency
Exchange servers Hourly
Terminal servers Daily
Auxiliary domain controllers 3-4 backups per week
SaaS data (i.e. M365) 3 times per day

Where to keep your backups

The location(s) where you store your backups are an important part of your overall backup strategy. It affects how well your data is protected against various disaster scenarios and also how fast you’ll be able to recover data.

For the majority of businesses, your three basic options will be:

  • On-site: This setup typically relies on a server or backup appliance kept on-premise at the business. One advantage of keeping backups onsite is that it provides the fastest possible access to your data, which is especially valuable if you need to do a full restore. However, a key disadvantage is that the backups remain vulnerable to disasters that occur onsite, such as a building fire, severe flooding and so on.
  • Cloud (private or public): Storing backups in the cloud involves keeping your data on servers and/or backup appliances inside a private datacenter or a shared public cloud. By keeping the backups off-site, this setup provides extra protection against the risk of on-site disasters. One disadvantage of cloud backups is that a full data restore, if needed, could take a long time to transfer over the internet, depending on the size. (For large datasets, it may be faster to mail the backups on physical drives.) But newer features like cloud backup virtualization can enable businesses to boot their backups as virtual machines in the cloud, for instant access to data and applications while the larger recovery is still underway.
  • Hybrid: This setup provides a mixture of both options: on-site and cloud. Backups are stored on an on-site server or dedicated backup appliance and also replicated to the cloud. A hybrid backup strategy ensures the fastest possible access to data while also providing protection against on-site disasters.

In recent years, hybrid backups have become the preferred strategy for businesses that are looking for greater data protection.

SaaS backups

The rise of SaaS applications has increased the need for cloud-to-cloud backup within your overall backup strategy.

To be clear, cloud-to-cloud backup is not the same as the traditional cloud backups mentioned above. Cloud-to-cloud backups are backups of the data stored within cloud-based SaaS applications, like Microsoft 365 (M365).

Data loss within these applications is extremely common, usually caused by accidental deletion, overwrites and misconfigured integrations. As businesses increasingly depend on these apps as part of their critical operations, it has become more vital to back up this data. SaaS backup services like Datto’s Backupify can automatically backup data in applications like M365 and Google Workspace (formerly G Suite), copying it from the provider’s cloud to Datto’s cloud.

Backup testing

Routine testing is an important component of any small business backup strategy.

Backups should be regularly tested to ensure they can be restored without issue. Some forms of incremental backups, for example, are notorious for failure during the recovery process. This is commonly caused by corrupted data in one of the incrementals, which effectively breaks the backup chain during a rebuild process.

Newer backup technologies, such as Datto’s Inverse Chain, help to prevent these failures with fully constructed backups that eliminate dependency on a chain. However, backups should still be tested to confirm they are working properly.

The best strategy for backup testing is to validate each backup at the time it’s created. In the case of Datto, each new backup is automatically validated by test-booting backup as a virtual machine.

Data retention

How long should a small business retain its backups?

If you’re creating new backups multiple times a day, how many of those recovery points should be saved? For most data-loss events, you’ll only need the most recent backup to recover the files you need. But there may be some instances where it’s necessary to choose an older backup. For example, after a widespread ransomware attack, you may need to go back several recovery points to identify a backup that did not contain the infection. Separately, some organizations must comply with federal regulations that dictate how long backups must be retained.

Which data retention policies are best for small businesses? While every business is different, the following example from Datto illustrates how a business might approach this:

Backup Type Retention Period
Local backups 3 months
Intra-daily backups 5 days
Daily backups 2 weeks
Weekly backups 1 month
Monthly backups Until local backups are deleted
Cloud backups 3 months


In the case of Datto, those retention options are actual settings that can be configured within the platform’s UI, making it easy to control how long backups are retained and which are pruned.

Data pruning

Deciding who manages your backup strategy

Many businesses, small and large, do not have enough in-house resources (or time) to manage their entire continuity strategy. In many cases, it makes more financial sense to depend on a skilled managed service provider (MSP) that can bring even more expertise to the backup strategy.

In fact, some DRaaS solutions (disaster recovery as a service) can provide a higher level of data protection and service than a company can achieve in-house, while also being more affordable than expanding internal IT teams.

Businesses need to weigh these benefits carefully when determining their backup strategy, ideally before investing in a new BC/DR deployment.

Supporting the strategy (beyond technology)

A small business backup strategy should not consist of technology alone. Businesses must address the root causes of data loss, separate from the recovery systems.

Consider that most data loss occurs from accidental deletion and hardware failure. Also, most ransomware infections arise from malicious emails and attachments being opened by unsuspecting employees.

This is where good policy and preventative strategies can go a long way.

What to consider:

  • Internet / email / data policy: Set policies that help prevent the most common data-loss events from occurring. For example, you can set policies for how users should deal with emails from unknown senders. In IT, you can set policies that dictate network configurations and access controls that limit users to only the folders they need (which can help prevent the spread of some malware infections).
  • Employee training programs:Continually educate personnel on those policies. Use training programs to remind users of the risks of data loss, ransomware and cyberattacks. Demonstrate how these events typically occur and best practices for preventing them.
  • Ongoing continuity planning and testing: Assess the success of your backup strategy on an ongoing basis (especially after a data-loss event has occurred). Set policies for how often this planning should be reviewed and tested.

Frequently Asked Questions

Identifying the right backup strategy for your business can take time, but it doesn’t need to be difficult. To recap some of the key points outlined above, let’s look at some of the most frequently asked questions about small business backup strategies.

1) What is a backup strategy?

A backup strategy defines how a business approaches its data backups. This strategy can include objectives for backup frequency, storage, age of backups, testing and other factors. The underlying goal of a backup strategy is to ensure that a business has reliable backups that can be used when data is lost.

2) What is the best backup strategy for small businesses?

Backup strategies must be customized to each company’s specific needs and business objectives. However, some fundamental strategies recommended for most small businesses include: daily or more frequent backups; local and off-site backup storage; and automated backup testing that confirms backups are viable and recoverable.

3) How often should you back up your data?

Small businesses should back up data at least once daily, although it depends on the specific needs and nature of the business. Critical data may need to be backed up more frequently. For example, a rule of thumb for backing up email and Exchange servers is once an hour.

4) What is the best backup solution for a small business?

The best backup solution for a small business is one that can perform backups frequently enough to minimize the potential loss of critical data and also offer reliable recovery methods that can restore lost data quickly.

The Datto SIRIS and ALTO are widely considered the best backup solutions for small businesses due to their high-back up frequency, instant recovery capabilities, integrated cloud backup and simplified deployment.

5) What is the 3-2-1 rule for backups?

The 3-2-1 rule is a backup strategy that involves creating 3 copies of your data, 2 different types of backup formats and 1 backup stored offsite. There are other variations of the 3-2-1 rule, but the basic principle behind the strategy is creating enough backups to protect against various types of data-loss events.


Having a backup strategy ensures that your small business is adequately protected against data loss. It’s an essential form of planning that outlines how and when your business performs data backups. Without such a strategy, you may not realize if your backups aren’t being performed frequently enough (or via the right methods) to avoid a catastrophic loss of data.

Always remember that a good backup strategy is only as good as the technology and planning behind it. Even after deploying a new BC/DR solution, businesses must continue to reassess their overall readiness to ensure that the backup strategy remains successful.

Request a Free Demo

Request a free demo to see how hybrid-cloud backup and disaster recovery solutions from Datto can protect your business from data loss. Call our business continuity experts today at (646) 395-1170 or email

Get the Ultimate Cybersecurity Handbook for Employees
Invenio it logo

Join 23,000+ readers in the Data Protection Forum

Related Articles