Backups, Disaster Recovery, and Business Continuity: Protecting Your Business Data
How to make sure your backups actually work, recover fast when something breaks, and keep operating through ransomware, hardware failure, or human error.
What you'll take away
- A backup is only real once it has been tested. Plenty of businesses discover their backups were broken or a year out of date only after ransomware or a deleted file.
- Know the three levels: a traditional backup, a disaster recovery solution for fast restores, and a business continuity solution that keeps you working with no downtime.
- The 3-2-1 rule: three copies of your data, across two providers, with one kept off-site in cold storage that your live systems cannot reach.
- File backups restore a document. Full system-image backups restore the whole machine, settings and software included, which cuts downtime from hours to minutes.
- Match the solution to your downtime tolerance and your retention and data-residency needs, then give one person clear responsibility for it.
This is a recording of a session Jake ran on protecting the data and systems inside your business, using backups, disaster recovery, and business continuity. It is written for owners and staff rather than IT specialists, and it works through the practical decisions: what to back up, how often, where it should live, and how quickly you need to be back at work when something goes wrong.
You can watch the full session above, or read the summary and complete transcript below.
What the session covers
Backups are one of the most important parts of any business’s IT, and one of the easiest to get quietly wrong. Jake walks through the threats to your devices, networks, and cloud accounts, what separates a backup you can trust from a false sense of security, and how to choose between three levels of protection. It ends with a short demo of backing up a computer with OneDrive and Google Drive.
The three levels of protection
- Traditional backup. Your data is copied somewhere, on-site or off-site, and you leave it running. Cheap and simple, but recovery can take days.
- Disaster recovery. Built on top of a backup, with the spare hardware, policies, and procedures to restore fast. A broken laptop or failed server is back in minutes to an hour, not days.
- Business continuity. A cloud-hybrid setup where, if a server or site goes down, staff keep working off the backup with little or no interruption. Jake has seen it carry a fifty-person firm through a full server failure without anyone noticing.
What makes a backup you can trust
A good backup protects four things: the confidentiality of your data (the backup is separated from your live systems, so one breach does not expose both), its integrity (you can restore a clean copy over corrupted data), its availability (you can start working off the backup immediately), and its accountability (alerts, logs, and one named owner, with restores tested on a schedule). Umbrella tests client backups weekly for exactly this reason.
The 3-2-1 rule, and what to back up
Keep three copies of your data, across two providers, with one copy off-site in cold storage that does not talk to your live data (so ransomware cannot reach it). Back up your devices (file and full system-image), your network configuration and spare hardware, and your online accounts (email, contacts, calendars, files, and website data). Match the frequency, retention, and method to your downtime tolerance and your budget.
A note on data residency
The session raises keeping regulated data on Canadian servers. To be accurate for 2026: using a US-based provider or Google is not illegal under Canadian privacy law (PIPEDA or BC’s PIPA). What matters is knowing your sector’s obligations, getting consent where it is required, and choosing where regulated data lives based on those obligations and your clients’ expectations. We are happy to map the specific requirements for your industry.
Full transcript
Lightly edited for readability, and product names corrected (Datto, Veeam, Acronis, Backblaze). The recording above is the source of record.
Read the full transcript
Welcome
Hello everybody, my name is Jake from Umbrella IT Services, and thank you as usual for joining me. Today we are talking about securing the data and systems inside your organization using backups, disaster recovery, and business continuity solutions.
Before we begin, I have left a two-week trial link for Backblaze in the description. That is a file backup service, so if you want a simple set-it-and-forget-it backup for your Mac or PC, you can try it free for two weeks, and continue after for roughly five to ten dollars a month depending on your usage. If you find this useful, a like and a subscribe help, and you can send suggestions to tech tips at umbrella IT services dot ca.
Why backups matter
In my opinion, backups are one of the most important parts of any organization's IT, and it is very important to get them right. I have worked with a lot of businesses that thought they had good backups. They got hit by ransomware, or someone deleted a file, and it turned out the backups had not been verified in over a year, or were not working the way they thought. They lost hundreds of thousands of dollars of information, or the business was down for three or four weeks while still paying staff. So it is worth making sure you have a proper backup in place.
Today we will review the threats to your data, three types of backup solution to prevent data loss and downtime, and then a short demo of backing up with Google Drive and OneDrive, since most people use Microsoft 365 or Google Workspace. For anyone on neither, or who wants another layer, Backblaze is in the description.
Data-loss liabilities: devices
Each part of your digital infrastructure faces its own risks. The goal is not just to back up your data, but to make sure that if something happens to a piece of infrastructure you can recover quickly and get back to work. For devices, the liabilities are virus or ransomware infections, hardware or software failure, security breaches (physical or digital, internal or external), accidental data loss, and outdated hardware or software that simply fails. You should list these out and have a recovery plan for each, so a spilled coffee or an encrypted drive costs you fifteen minutes, not a full day.
Networks and cloud services
With networks, most threats cause downtime rather than data loss: passive and active network threats, hardware or software failure, and communication failures. Avoid single points of failure. If you cannot get online, most people cannot do their jobs, so networks need protecting from downtime the way devices need protecting from data loss.
Cloud services touch both. Someone can breach an account and lock you out or delete data. A denial-of-service attack can cut off access. Hardware and software can fail on the provider's side too, so plan for Microsoft or Google going down as much as your own computer. A few years ago a storm hit Amazon's server farms and took down a large share of services across Western Canada and the US for a while. If you are building on someone else's platform, make sure your data is also backed up locally. And watch non-secure third-party apps you have granted access to your files, because a breach of that app can become a breach of your data.
Users are the biggest liability
Users are the biggest liability. As we covered in our information security seminar, around 91% of attacks on businesses now come from social engineering, which means hacking the people rather than the technology. You want users who do not fall for those tricks, who do not accidentally delete things (or who know how to reverse and trace their steps with an audit log), and who follow policy. Human error and general negligence cause a lot of the incidents I see. There is a link to our social engineering talk in the description.
Ransomware, and the "we're too small" myth
Ransomware installs malicious software that encrypts all your files and demands a payment to unlock them. Without a good backup, you are at the attackers' mercy. To reiterate some numbers we have covered before: 71% of ransomware attacks in 2018 targeted small and medium businesses, with an average demand around one hundred and sixteen thousand dollars, 60% of organizations lose access to their data for sixteen days or longer, and 54% of affected organizations believed they were too small to be a target.
That last point is the big one. We work with four-person financial firms, bookkeepers, lawyers, film production studios, and they often do not think they are important enough to be targeted. But most of this comes through automated systems and mass social engineering. A robot scans networks for exploits and attacks whatever it finds. It is not about whether you are important enough. If you have an exploit available, the automated systems target you anyway. So invest as little as ten dollars a month in something like Backblaze, or as much as twelve hundred dollars a month for business continuity. There is no excuse in 2020 not to protect your digital data the way you protect the business with insurance.
What makes a good backup
A proper backup protects four things. Confidentiality: if someone breaks into your main system, your backup should stay separate and secure. Integrity: if your live data is corrupted, you can restore a clean copy from the backup. Availability: if hardware fails or data is deleted, you can start working off the backup immediately while it is being restored. Accountability: you have automatic alerts and logs, and one person who can tell you when the backups were last tested and confirm they work.
What to back up
Back up your devices, networks, and online accounts. For devices, that means file backups (which OneDrive, Google Drive, Backblaze, and CrashPlan handle) and full system-image backups. A system image clones the entire computer, so your programs, settings, and configuration come back too. If you spill coffee on your laptop, IT pulls a spare from the back, restores the image, and half an hour later you have the same computer exactly as it was. With only a file backup, you are running to the store, reinstalling software, and reconfiguring settings until three in the afternoon for a problem that started at nine.
For servers, avoid single points of failure. A sister server configured for high availability can pick up in about thirty seconds if the first one fails. Keep on-site and off-site backups: on-site for fast restores, off-site because if ransomware hits your live systems, an always-connected on-site backup can be taken down with them.
For networks, back up your configuration, keep a spare switch so a failure means fifteen minutes rather than a week, and consider an internet failover connection. A second DSL line from the other provider, as cheap as ten to fifteen dollars a month, keeps you running when your main connection is cut. For online accounts, make sure emails, contacts, calendars, personal and shared files, and website data are backed up locally, because you are trusting providers like Microsoft, Google, and your web host with that data.
The backup and disaster recovery checklist
When you choose a solution, work through a few things. Identify your critical data, the data you cannot lose. Decide your backup frequency and balance it against cost, from a live continuous backup down to a scheduled one. Check the retention policy carefully. If you are paying for "unlimited retention," find out whether three-times-a-day backups get thinned to monthly after a few months, because that matters for anyone who needs to reach into the archives later.
Consider the location of backups and your compliance requirements. Choose your method, on-site for fast restores, off-site for ransomware protection, or both, which is why solutions that back up locally and to the cloud at once do so well. Decide between file and full system backups based on downtime tolerance. And put policies in place: the 3-2-1 rule, assigned responsibility, a specified solution, tested restores, and regular recovery drills, the same way a school runs fire drills.
Policies and the 3-2-1 rule
The 3-2-1 rule means three copies of your data, across two vendors, with one completely off-site and separate from your live data in cold storage that does not change the instant you edit a file. Assign responsibility to one person, so that when something goes wrong there is a captain for the ship with a plan, rather than everyone saying it was not their job. Understand the unique threats to your business, identify your critical data, meet your legal and compliance requirements, test recovery on a schedule, and review your recovery procedures so key people know the simple steps to take in a crisis.
The three levels: traditional, disaster recovery, business continuity
These get more expensive from left to right, for good reasons. A traditional backup is set-and-forget: data goes on-site or off-site, file or full system, and that is it. It is cheap and it works, but it does not plan for what happens when data loss or downtime actually occurs, so you might be down for a week or two.
A disaster recovery solution builds on a traditional backup and adds the detail to resolve downtime and data loss quickly: on-site and off-site backups, policies, procedures, and spare hardware for low downtime tolerance. The spilled-coffee laptop is back in half an hour instead of a whole afternoon, and the only added cost might be an eighty-dollar hard drive, since software like Veeam is free.
Business continuity is what I recommend for most businesses now. It means your business keeps operating when a disaster hits. If your server goes down, the continuity solution kicks in and staff keep working off the backup with no downtime or data loss. We have seen Datto bring a fifty-person firm back in under fifteen minutes after a complete server crash, with no one even filing a ticket. These start around ninety-nine dollars a month from a provider like Datto and run up to fifteen hundred to twenty-eight hundred a month for larger setups. If you want your own path, Acronis is a good option for small businesses that want some continuity without an exorbitant monthly cost.
Business continuity, in practice
A cloud-hybrid business continuity setup has an on-site box backing up your server, and that box backing up to the cloud. If ransomware hits, everyone signs into the cloud and keeps working while the server is restored. If there is a fire, you work off the cloud. If a local laptop breaks, you work off the on-site box. Combine that with clear administrative policies and recovery procedures so staff are notified and know what is happening. These solutions get more affordable every year, and they suit any business with effectively zero tolerance for downtime.
Demo: OneDrive and Google Drive
Here is the quick version for a Windows computer. For Google Drive, install Backup and Sync and sign in. It immediately offers to back up your Desktop, Documents, and Pictures, and you can add any other folder with Choose Folder. That is it. For OneDrive, click the icon, open Settings, go to the Backup tab, choose Manage Backup, and select Desktop, Documents, and Pictures, then Start Backup. Most people already have one of these, so it is an easy way to make sure your files are safe somewhere else. For my own machine, with a lot of drone footage and other files, I use Backblaze at a flat ten dollars a month.
Closing
That is it for today. We covered data liabilities and what they mean for each part of your infrastructure, the principles that keep backed-up data safe so you do not have a false sense of security, the backup and disaster recovery checklist, and how easy it is to use OneDrive and Google Drive. As a basic setup, use OneDrive, Google Drive, Backblaze, or Jungle Disk for your files, and a system like Acronis, Veeam, or Datto for full system images, so that if anything goes wrong you are not starting from scratch. Thanks for tuning in, and have a fantastic weekend.
Want this checked against your own setup?
Book a free IT assessment and a senior tech will review where your business stands, with no obligation.