Backup Strategy Assessment
Backup Strategy Assessment

Photo by panumas nikhomkhai on Pexels
Data loss can shut down a small business permanently — 60% of companies that lose their data go out of business within six months. Your backup strategy is your safety net. This lesson guides you through assessing whether your backups will actually save you when disaster strikes.
The 3-2-1 Backup Rule
The gold standard for backup strategy is the 3-2-1 rule. Verify your approach meets this standard:
- 3 copies of your data — One primary copy plus two backups
- 2 different media types — e.g., local external drive and cloud storage
- 1 copy stored offsite — Cloud backup or drive stored at a different location
If your current strategy does not meet this standard, you have a critical gap to address.
What Should You Be Backing Up?
Audit your backup coverage across these categories:
- Documents and files — Shared drives, user folders, project files
- Email — Mailboxes, contacts, calendars, shared mailboxes
- Databases — Customer data, accounting records, inventory systems
- Application configurations — Settings for CRM, ERP, accounting software
- Mobile devices — Phones and tablets with company data
- Cloud data — Microsoft 365, Google Workspace, SaaS applications
Many businesses assume their cloud provider handles backups. Microsoft 365 and Google Workspace have limited retention — deleted items are typically purged after 30-90 days. You need third-party backup for cloud data.
Assessing Backup Frequency
How often should backups run? It depends on how much data you can afford to lose (Recovery Point Objective or RPO):
- Critical data (customer records, financial data): Every 1-4 hours or continuous
- Important data (documents, project files): Daily
- Less critical data (archives, historical): Weekly
Check your backup schedules and compare them to your RPO. If you back up weekly but your RPO is daily, you have a gap.
Step-by-Step Backup Assessment
- Inventory your data — List all data types and their locations
- Map current backups — Document what is backed up, where, and how often
- Identify gaps — Compare coverage against your data inventory
- Verify the 3-2-1 rule — Confirm 3 copies, 2 media, 1 offsite
- Check retention policies — How long are backups kept? Minimum 30 days recommended, 90+ for compliance
- Review access controls — Who can delete or modify backups? Limit this to 1-2 trusted individuals
- Assess ransomware protection — Are backups immutable (cannot be deleted/modified)? This prevents ransomware from encrypting your backups
Cloud Backup Considerations
If using cloud backup, verify:
- Backup data is encrypted both in transit and at rest
- You can restore individual files, not just full system images
- Bandwidth is adequate for restore operations (test download speeds)
- The provider offers versioning (keeping multiple versions of each file)
- The provider has a documented recovery time objective
Free and Low-Cost Backup Tools
- Windows File History — Free built-in backup for Windows PCs
- Time Machine (macOS) — Free built-in backup for Mac
- Duplicati — Free open-source backup with cloud support and encryption
- Veeam Community Edition — Free backup for up to 10 instances
- BorgBackup — Free open-source deduplicating backup
- Google Drive / OneDrive — Free tiers for cloud file backup
Key Takeaways
- Follow the 3-2-1 rule: 3 copies, 2 media types, 1 offsite
- Cloud providers like Microsoft 365 do not guarantee full backups — add third-party protection
- Set backup frequency based on your Recovery Point Objective
- Make backups immutable to protect against ransomware
- Document your backup strategy — data flow, schedule, retention, and responsible parties
Backup Strategy Assessment

Photo by panumas nikhomkhai on Pexels
Data loss can shut down a small business permanently — 60% of companies that lose their data go out of business within six months. Your backup strategy is your safety net. This lesson guides you through assessing whether your backups will actually save you when disaster strikes.
The 3-2-1 Backup Rule
The gold standard for backup strategy is the 3-2-1 rule. Verify your approach meets this standard:
- 3 copies of your data — One primary copy plus two backups
- 2 different media types — e.g., local external drive and cloud storage
- 1 copy stored offsite — Cloud backup or drive stored at a different location
If your current strategy does not meet this standard, you have a critical gap to address.
What Should You Be Backing Up?
Audit your backup coverage across these categories:
- Documents and files — Shared drives, user folders, project files
- Email — Mailboxes, contacts, calendars, shared mailboxes
- Databases — Customer data, accounting records, inventory systems
- Application configurations — Settings for CRM, ERP, accounting software
- Mobile devices — Phones and tablets with company data
- Cloud data — Microsoft 365, Google Workspace, SaaS applications
Many businesses assume their cloud provider handles backups. Microsoft 365 and Google Workspace have limited retention — deleted items are typically purged after 30-90 days. You need third-party backup for cloud data.
Assessing Backup Frequency
How often should backups run? It depends on how much data you can afford to lose (Recovery Point Objective or RPO):
- Critical data (customer records, financial data): Every 1-4 hours or continuous
- Important data (documents, project files): Daily
- Less critical data (archives, historical): Weekly
Check your backup schedules and compare them to your RPO. If you back up weekly but your RPO is daily, you have a gap.
Step-by-Step Backup Assessment
- Inventory your data — List all data types and their locations
- Map current backups — Document what is backed up, where, and how often
- Identify gaps — Compare coverage against your data inventory
- Verify the 3-2-1 rule — Confirm 3 copies, 2 media, 1 offsite
- Check retention policies — How long are backups kept? Minimum 30 days recommended, 90+ for compliance
- Review access controls — Who can delete or modify backups? Limit this to 1-2 trusted individuals
- Assess ransomware protection — Are backups immutable (cannot be deleted/modified)? This prevents ransomware from encrypting your backups
Cloud Backup Considerations
If using cloud backup, verify:
- Backup data is encrypted both in transit and at rest
- You can restore individual files, not just full system images
- Bandwidth is adequate for restore operations (test download speeds)
- The provider offers versioning (keeping multiple versions of each file)
- The provider has a documented recovery time objective
Free and Low-Cost Backup Tools
- Windows File History — Free built-in backup for Windows PCs
- Time Machine (macOS) — Free built-in backup for Mac
- Duplicati — Free open-source backup with cloud support and encryption
- Veeam Community Edition — Free backup for up to 10 instances
- BorgBackup — Free open-source deduplicating backup
- Google Drive / OneDrive — Free tiers for cloud file backup
Key Takeaways
- Follow the 3-2-1 rule: 3 copies, 2 media types, 1 offsite
- Cloud providers like Microsoft 365 do not guarantee full backups — add third-party protection
- Set backup frequency based on your Recovery Point Objective
- Make backups immutable to protect against ransomware
- Document your backup strategy — data flow, schedule, retention, and responsible parties
There are no comments for now.