Why backup matters for any size business
It’s not only big companies that lose data. Small businesses are often hit harder because recovery costs a bigger percentage of your time and budget. One failed hard drive, ransomware email, or accidental deletion can put you offline for days and waste a load of hard work.
The IBM Cost of a Data Breach Report (2023) found the average cost of a small business data breach is over £100,000. And that’s just the direct losses, not including missed work, lost trust, or fines.
If you think it’s rare, it’s not. Nearly half of UK small businesses reported some kind of cyber breach or attack in the last 12 months, according to government data.
Where most businesses go wrong
Too many companies assume they’re fine because their files are “in the cloud” or on OneDrive but cloud storage isn’t necessarily backed up by default. If a staff member deletes something, or ransomware scrambles it, the sync tool will just copy the mistake to all your devices.
Others think a USB drive counts as a proper offsite backup. It doesn’t. It’s manual, unreliable, and usually left in the same office as the rest of your systems.
And having one offsite copy is no guarantee. If it’s connected to the internet and not protected properly, ransomware can still reach it. We’ve seen this happen.
What RPO and RTO mean for your business
These terms sound technical but they’re just about time.
RPO (Recovery Point Objective) is how much data you can afford to lose. If your backup runs once a day and you lose everything at 4pm, you’ve lost a full day’s work.
RTO (Recovery Time Objective) is how long you can afford to be offline. Some businesses need to be back up in hours, others can tolerate a couple of days. The longer it takes to get your data back, the more money and trust you lose.
A good backup strategy lets you choose realistic RPO and RTO targets and meet them. That’s what makes the difference when something goes wrong.
What a real backup strategy looks like
You need three copies of your data: one live, one local, one offsite. That’s the 3-2-1 rule. That’s a great start. A working small business data backup setup includes:
A local copy you can access quickly (like an on-site server or NAS)
An offsite or cloud copy that’s independent from your main system
An immutable backup. One that can’t be edited, deleted, or encrypted by attackers
It must also run automatically. If your backup depends on someone remembering to plug in a drive, it will eventually fail. We recommend Microsoft 365 users add dedicated backup tools that give proper backup functions for emails, files, and SharePoint. These are things Microsoft doesn’t automatically back up for you.
Backups are boring, until you need them
Once a ransomware attack hits, or a flood takes out your hardware, it’s too late to set up a backup. You’re either scrambling to rebuild, or paying someone to try to recover what they can. In some cases, it’s gone permanently.
A survey from another IT support company showed 60% of small businesses that suffer a major data loss shut down within six months. We’ve seen business owners spend thousands recovering data that could’ve cost a few hundred to back up properly.
Backup is key to being able to keep trading when things go wrong.
Want to check if your setup’s enough?
Most backup setups we review have a gap somewhere: no immutable copy, no real offsite backup, or poor recovery time. If you’d like a straight conversation about what your current setup can and can’t do, speak to Lee at Clearsky IT.
We’ll help you plan for what happens next, before something actually does.
Further reading: Safety net of SME: prioritising data backup
