Business Backup & Disaster Recovery Guide
Most businesses think they have backups. Far fewer have ever tested whether those backups actually restore. This guide explains the building blocks of a modern backup and disaster recovery (BDR) strategy in plain English, so you can have an informed conversation with your IT provider or audit the one you already have.
The 3-2-1 rule still applies
The classic 3-2-1 backup rule remains the gold standard: keep at least three copies of your data, on two different media types, with one copy off-site. Modern best practice extends this to 3-2-1-1-0 adding one immutable (cannot be modified) copy and zero recovery errors verified by testing.
Recovery time and recovery point objectives
RTO Recovery Time Objective
How long can your business tolerate being down? An RTO of 4 hours means you've designed and paid for systems that can restore service within 4 hours of a disaster.
RPO Recovery Point Objective
How much data can you afford to lose? An RPO of 1 hour means backups run hourly and you accept losing up to one hour of work in a worst-case scenario.
What needs to be backed up
- On-premise file servers and databases
- Workstations and laptops with locally stored business data
- Microsoft 365 mailboxes, OneDrive, SharePoint, and Teams
- Line-of-business application data (accounting, ERP, CRM)
- Cloud platforms most SaaS providers do not back up your data for you
Ransomware-resilient backup design
Ransomware attackers actively hunt for and delete backups before encrypting production data. A modern backup must be immutable written once and locked from modification for a defined retention period so it cannot be deleted or encrypted by an attacker who has compromised admin credentials.
Test, document, and rehearse
- Run full restore tests at least quarterly, not just file-level spot checks
- Document the disaster recovery runbook with named owners and contact info
- Conduct an annual tabletop exercise simulating an outage
Frequently asked questions
Isn't OneDrive a backup?
No. OneDrive and SharePoint are synchronization services if a file is deleted or encrypted by ransomware, the change syncs to the cloud. A dedicated Microsoft 365 backup with point-in-time recovery is required.
How long should I keep backups?
Most Ontario small businesses keep at least 30 days of daily backups plus 12 months of monthly snapshots. Industries with compliance requirements (legal, healthcare, finance) may need 7 years or longer.
How much does a proper backup solution cost?
Plan on $5-$15 per user per month for Microsoft 365 backup, plus $0.05-$0.15 per GB per month for off-site server backup storage. The cost is a small fraction of even one day of downtime for most businesses.
Have you tested your backups recently?
Our team will audit your existing backup setup, identify gaps, and document a recovery plan tailored to your business.
Related services, locations, and resources
Related services
- Backup & Disaster Recovery
Backup strategy, monitoring, and recovery testing.
- Managed IT Services
Proactive monitoring, patching, and predictable monthly support.
- Cybersecurity Services
Endpoint protection, MFA, email filtering, and M365 hardening.
- Microsoft 365 Support
Exchange, Teams, SharePoint, OneDrive, and licensing.
Related service areas
Related resources
- How Much Do Managed IT Services Cost in Sudbury?
Real-world pricing for managed IT services in Sudbury what's included, what drives cost, and how Greater Su…
- Small Business Cybersecurity Checklist for Ontario Businesses
A practical, no-jargon cybersecurity checklist Ontario small businesses can work through in an afternoon co…
- Microsoft 365 Security Best Practices for Businesses
How to harden a Microsoft 365 tenant against the most common attacks MFA, conditional access, anti-phishing…
- Why Modern Businesses Need Endpoint Management
Endpoint management formerly known as MDM is the foundation of modern business device security. Here's what…