The rule: 3-2-1, and one copy criminals can't touch
Proper backup follows a simple shape: three copies of your data, on two different types of storage, one of them off-site — and in the ransomware era, one copy must be immutable: unchangeable even by an administrator account, because modern ransomware hunts and encrypts backups first. Synced folders are not backup (the encryption syncs too); the USB drive in the drawer is not backup (it's in the same building as the fire). We design to the rule, automate it, and — the part almost everyone skips — test restores on a schedule, because the only backup that counts is one you've watched come back.
Microsoft 365 backup: the gap nobody mentions
Microsoft keeps 365 running; it does not promise to keep your data recoverable. Retention windows expire, deleted items eventually purge, and a compromised account can destroy years of mail and files inside Microsoft's rules. Dedicated 365 backup captures mailboxes, OneDrive, SharePoint and Teams to independent storage with point-in-time restore — so 'we deleted the wrong folder in March' is a ten-minute fix, not a tragedy. It costs a few pounds per user and we consider it non-negotiable for any business whose email matters.
Disaster recovery: the plan for the genuinely bad day
Backup answers 'is the data safe?'; disaster recovery answers 'how fast are we trading again?' — different questions. DR planning sets two numbers with you honestly: how much data you can afford to lose (hours? a day?) and how long you can be down, then builds to those numbers instead of to a slogan. For most SMEs that means cloud-recoverable systems, documented restore runbooks, and — because we run your comms too — phones that keep answering from mobiles and an office that can fail over to 4G/5G while the main event is dealt with. The whole business continuity picture, not just the files.
Tested, or it doesn't count
Our standing rule: scheduled test restores, with results you see. Backup systems fail silently — agents stop, storage fills, credentials expire — and the failure is only ever discovered at the worst possible moment unless someone is testing. That someone is us; the confirmation lands in your inbox. It's the least glamorous service we sell and the one that has saved clients the most.
Frequently asked questions
Isn't OneDrive/Dropbox sync a backup?
No — sync replicates changes, including bad ones: ransomware encryption and deletions sync straight to the cloud copy. Backup is separate, versioned and immutable. Sync is convenience; backup is recovery.
Does Microsoft 365 need backing up?
Yes — Microsoft's retention is not point-in-time backup, and deleted or ransomed data can pass beyond recovery within its rules. Independent 365 backup is inexpensive and closes the gap completely.
What does 'immutable' backup mean?
A copy that cannot be altered or deleted for a set period — even with admin credentials. It's the specific counter to ransomware that encrypts backups before revealing itself.
How often should backups run?
To the number you choose: how many hours of work could you bear to lose? Most businesses land at hourly-to-daily for files and continuous for 365 — we set the schedule to your answer, not a default.
Do you actually test restores?
On a schedule, with results reported to you. Untested backup is a hope, not a control — testing is the whole point of 'managed'.
What happens to our phones in a disaster?
Because we run your comms, continuity covers them too: calls re-route to mobiles instantly, and connectivity can fail over to 4G/5G — the business keeps answering while recovery runs.
Talk it through with a human
Tell us what you run today — we'll scope it honestly, quote it clearly, and tell you if you don't need us yet.