Here’s a thing that happens regularly to small businesses: they think they have a backup. Then something goes wrong — a ransomware attack, a failed hard drive, an accidental deletion — and they discover the “backup” wasn’t working, wasn’t current, or didn’t include the files they actually needed. The backup was a false sense of security.
Getting backup right isn’t complicated, but you have to do it deliberately. Here’s what actually works.
What you need to back up
Not everything on your computers or servers is equally important. Start by identifying your critical data — the stuff that, if it were gone tomorrow, would seriously damage your business:
- Financial records: QuickBooks files, invoices, receipts, payroll records
- Client files and contracts: Project files, signed contracts, deliverables
- Business operations: Employee records, vendor agreements, SOPs, policies
- Email (if business-critical): Some businesses can reconstruct email from cloud backups; others can’t afford to lose any of it
- Custom databases or software data: Any data stored by industry-specific software you use
Everything else — installed programs, operating system files, generic downloads — doesn’t need to be in your backup strategy. Installed programs can be reinstalled. Your client data cannot be reconstructed.
The 3-2-1 backup rule
Any backup professional will tell you the same thing: follow the 3-2-1 rule.
- 3 copies of your important data
- 2 different storage types (for example, one copy on your computer’s drive and one in the cloud)
- 1 copy offsite — physically separate from your office (cloud counts as offsite)
Why three copies? Because backup media fails. A backup drive that failed silently while you thought it was working is a common story. Three copies means you have two remaining even if one fails. Why offsite? A fire or flood that destroys your office destroys everything in it — including backup drives sitting on the same shelf as the computers they’re backing up.
Cloud backup is the simplest way to satisfy the “offsite” requirement automatically.
Cloud backup options for small businesses
Backblaze Business Backup (~$99/year per computer): The simplest option for backing up individual computers. Install the app, let it run in the background, and it continuously backs up everything on the computer to Backblaze’s cloud. Restoration is straightforward. At around $99/year per machine, it’s affordable for most small businesses.
Microsoft 365 / Google Workspace backup: If your business runs on Microsoft 365 or Google Workspace, your email and files are already in the cloud — but that’s not the same as a backup. Cloud storage can be deleted, overwritten, or compromised by ransomware. A separate backup service (like Backupify for Google, or Veeam for Microsoft 365) creates an independent copy of your cloud data that can be restored independently of your main account.
Acronis Cyber Protect (previously Acronis True Image): A more comprehensive option that includes both local and cloud backup, with ransomware protection built in. More expensive and more complex to configure than Backblaze, but useful for businesses that also need backup for a Windows server.
Synology NAS + cloud sync: For businesses with a small server or a lot of local data, a NAS (Network Attached Storage) device runs backup locally and syncs to cloud. Requires more setup but gives you fast local restoration speeds alongside cloud redundancy.
The part most businesses skip: testing
A backup you’ve never tested is not a backup — it’s a backup that might work. Hard drives fail silently. Cloud sync errors happen. A backup that has been running for two years without being tested may have failed six months ago and nobody noticed.
Test your backup quarterly:
- Pick a file you backed up — something specific, from a month ago
- Try to restore it from the backup system
- Confirm the file opens and is uncorrupted
That’s it. Ten minutes per quarter to confirm your backup is actually working. The alternative is discovering it doesn’t work after the disaster that requires it.
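For more than a handful of files, the "confirm the file is uncorrupted" step can be checked by hash rather than by opening each one. The following is an added example, not part of any backup product: it records SHA-256 hashes of your critical folder at backup time and compares a test restore against them. The folder layout and file names are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(source_dir: Path) -> dict:
    """Map each file's relative path to its SHA-256, taken at backup time."""
    return {p.relative_to(source_dir).as_posix(): sha256_file(p)
            for p in sorted(source_dir.rglob("*")) if p.is_file()}

def verify_restore(manifest: dict, restored_dir: Path) -> dict:
    """Compare a test restore with the manifest; return path -> status."""
    results = {}
    for rel_path, expected in manifest.items():
        candidate = restored_dir / rel_path
        if not candidate.is_file():
            results[rel_path] = "MISSING"
        elif sha256_file(candidate) != expected:
            results[rel_path] = "CORRUPT"
        else:
            results[rel_path] = "OK"
    return results

def demo() -> dict:
    """Constructed sample: three critical files, then a flawed test restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp, "source"), Path(tmp, "restored")
        (src / "finance").mkdir(parents=True)
        (restored / "finance").mkdir(parents=True)
        (src / "finance/invoices.csv").write_text("id,amount\n1001,250.00\n")
        (src / "finance/payroll.csv").write_text("name,gross\nA. Smith,4200\n")
        (src / "contract.txt").write_text("Signed 2024-01-15\n")
        manifest = build_manifest(src)
        # Simulated restore: one intact file, one truncated, one never restored.
        (restored / "finance/invoices.csv").write_text("id,amount\n1001,250.00\n")
        (restored / "finance/payroll.csv").write_text("name,gross\nA. Sm")
        return verify_restore(manifest, restored)

if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:8} {path}")
```

A file that was legitimately edited after the manifest was taken also reports CORRUPT, so restore the version from the manifest's date and keep the manifest somewhere other than the machine being backed up.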
Also confirm your backup is actually running. Most backup software has a dashboard or status email. Check it once a week when you’re doing other admin work. Look for errors, warnings, or “last backup was 14 days ago” messages that indicate a problem.
Ransomware and why “cloud sync” isn’t enough
A common misconception: “My files are in Google Drive, so I don’t need to worry about backup.” Cloud sync — including Google Drive, OneDrive, and Dropbox — is not a backup. It’s synchronization.
Here’s the problem with ransomware: the attack encrypts your local files. When cloud sync runs, it uploads the encrypted versions to the cloud, overwriting the unencrypted originals. Now your local files are encrypted and your cloud copies are encrypted. You’ve lost both.
A true backup keeps versioned copies that aren’t overwritten by sync. When ransomware encrypts your files and sync pushes the encrypted versions up, a proper backup retains the pre-encryption versions you can restore from.
This is why Backblaze and similar tools maintain 30 or 90 days of file versions, not just the most recent copy. It’s the difference between “I can restore from a point before the attack” and “I can restore the encrypted files.”
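The difference between sync and versioned backup, and why the length of the version window matters, can be shown with a small model. This is an added example, not any vendor's code: the class names, the file name, the timeline and the pruning rule (a version is dropped once it has been superseded for longer than the retention window) are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

class SyncMirror:
    """Models cloud sync: the remote holds only the latest uploaded content."""
    def __init__(self):
        self.files = {}
    def upload(self, name, content, when):
        self.files[name] = content  # the previous content is overwritten
    def restore(self, name, as_of):
        return self.files.get(name)  # no history, so as_of cannot be honoured

class VersionedBackup:
    """Models a versioned backup with a retention window (assumed semantics)."""
    def __init__(self, retention_days):
        self.retention = timedelta(days=retention_days)
        self.versions = {}  # name -> list of (uploaded_at, content), oldest first

    def upload(self, name, content, when):
        self.versions.setdefault(name, []).append((when, content))

    def prune(self, now):
        """Drop versions that were superseded before the retention window."""
        cutoff = now - self.retention
        for name, history in self.versions.items():
            kept = [v for i, v in enumerate(history)
                    if i == len(history) - 1 or history[i + 1][0] >= cutoff]
            self.versions[name] = kept

    def restore(self, name, as_of):
        """Return the newest version uploaded at or before as_of, else None."""
        older = [c for t, c in self.versions.get(name, []) if t <= as_of]
        return older[-1] if older else None

def simulate(days_until_noticed, retention_days=30):
    """Constructed timeline: clean upload, encryption on day 10, late discovery."""
    start = datetime(2024, 1, 1)
    attack = start + timedelta(days=10)
    sync, backup = SyncMirror(), VersionedBackup(retention_days)
    for store in (sync, backup):
        store.upload("invoices.xlsx", "clean data", start)
        store.upload("invoices.xlsx", "ENCRYPTED", attack)  # sync pushes the damage
    backup.prune(attack + timedelta(days=days_until_noticed))
    before_attack = attack - timedelta(hours=1)
    return (sync.restore("invoices.xlsx", before_attack),
            backup.restore("invoices.xlsx", before_attack))

if __name__ == "__main__":
    print(simulate(20), simulate(45), simulate(45, retention_days=90))
```

In this model the sync copy is always the encrypted one, while the versioned copy is recoverable only if the damage is noticed inside the retention window, which is one more reason for the regular status checks and test restores.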
A simple backup plan for a 5-person business
- Every computer has Backblaze Business Backup running ($495/year for 5 machines)
- Microsoft 365 or Google Workspace handles email and documents with cloud storage
- Monthly reminder to verify Backblaze is reporting successful backups
- Quarterly test restoration of a few files from 30 days ago
- One person specifically responsible for checking backup status
Total cost: under $600/year. Time to manage: under 30 minutes per month. Protection against: ransomware, hardware failure, accidental deletion, office disasters.
That’s the whole plan for most small businesses. Not glamorous, not complex — but the difference between a disruption that costs you a day and one that costs you everything.