Backup policy   

Data is the most valuable part of your computer system. If it becomes corrupted, or you lose it in a ransomware attack, it could prove irreplaceable. Here are some tips to help you plan and prepare an effective backup policy to stop that happening.

What is a backup policy?  
A backup policy is a well thought-out plan for limiting the extent of any data loss, should the worst happen. If properly implemented following an incident, your backup policy will help you get back to business as usual quickly and efficiently.

The complexity of your plan will depend on the size of your organisation, how many applications and databases you’re running, and how much data needs backing up. It will also depend on your other company policies and your regulatory obligations.

How do I implement backup-policy best practice?

First identify your most critical data, then plan accordingly
Identifying the data that’s most critical to your business helps ensure that resources are allocated appropriately, and that crucial data is protected and prioritised.

Take frequent backups
For mission-critical data in particular, it’s important to make sure you take backups frequently.

Use the 3-2-1 approach to backups
Create three copies of your data, using two different backup media types stored locally, and one copy stored remotely offsite.

Backups should be isolated or ‘air-gapped’ from your network when you’re not actively backing up data. Backup media should never be permanently connected, either physically or over your network.

Apply versioning to data
Your backups should include old versions of your data, not just the most recent copy of backed-up files. This is important because there’s always a danger that corrupt files or ransomware could be lurking in your most recent backups.

Periodically test the integrity of your backups
It’s important to verify on a regular basis that the data you’ve backed up is accessible and readable.  
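
One way to run such a check is sketched below, as an added example that is not from the original page: record a SHA-256 manifest when the backup is taken, then re-read every file later and report what is missing, corrupt or unreadable. The function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash in chunks so large backup archives are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict[str, str]:
    """Relative path -> SHA-256, recorded at backup time and stored apart from the backup."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Re-read every file named in the manifest and classify the outcome."""
    report = {"ok": [], "missing": [], "corrupt": [], "unreadable": []}
    for rel, expected in manifest.items():
        path = root / rel
        if not path.is_file():
            report["missing"].append(rel)
            continue
        try:
            actual = sha256_file(path)  # a full read proves the file is readable
        except OSError:
            report["unreadable"].append(rel)
            continue
        report["ok" if actual == expected else "corrupt"].append(rel)
    return report

def demo() -> dict[str, list[str]]:
    """Constructed sample: three files, one altered and one deleted after backup."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_text("INSERT INTO customers VALUES (1);")
        (root / "invoices.csv").write_text("id,amount\n1,100\n")
        (root / "notes.txt").write_text("quarterly notes")
        manifest = build_manifest(root)
        (root / "invoices.csv").write_text("id,amount\n1,999\n")  # simulated corruption
        (root / "notes.txt").unlink()                              # simulated loss
        return verify_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A hash match shows the copy is unchanged since the manifest was built; it does not replace a periodic trial restore into the application that uses the data.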

Other things to think about
Backed-up data should be encrypted to prevent unauthorised access.

Consider making your backups immutable so they cannot be altered, either by you or by bad actors.

Consider using remote storage. Cloud-based storage can be a cost-effective option if managed correctly.

Automate backups where possible so that backing up your data becomes part of your everyday business.

Consider the retention period for your backups:

This is especially important if you’re using cloud services to back up your data. Cloud storage costs can mount up, so don’t hold on to backups for longer than you’ll realistically need them, or for longer than any legal or regulatory obligation requires you to retain them.

Consider your data retention policy:

Do you actually need all the data you are backing up and storing? Holding on to data you don’t need wastes money and can create additional security risks.

Further Information:

UK National Cyber Security Centre advice on backups can be found here. 

USA CISA advice can be found here.