Secure Backup Strategies for 2023

backup strat banner

Hard drive crash. Ransomware. Equipment failure. Accidental deletion. Theft.

There are plenty of reasons why end users want to have a secure and up-to-date backup of their most important files. And there are just as many approaches to backup and recovery as there are reasons to want it in place.

In this article, we’ll discuss practical strategies and best practices for backing up important data, including consumer-level options and how to get the most from an enterprise-grade backup solution. All told we want to explore how to create a robust backup strategy that can save an organization from disaster without breaking the bank.

What this article will cover:

  • What is data backup and recovery
  • Why Are backups important?
  • Top backup strategies
  • Best practices for backing up important data

Data backup and recovery

Thanks to its importance in the modern-day IT landscape, most people know the basic definition of a backup process. In brief, it’s the process of backing up data and setting up secure systems that allow you to recover your data in the event of a disaster or data loss.

A proper backup isn’t just a copy of a file, however. The copy must also be as up-to-date as needed. It must be easy to restore, and those restores must be reliable. It must also be protected so that it is not exposed to the same dangers as the original data.

With these requirements in place, end users can rest assured that their precious data is always available — or at least recoverable.

Why are backups important?

A backup’s purpose is simple enough: create copies of data that can be recovered when the primary data fails. Primary data failures can arise in many ways, including software or hardware failure, human error, data corruption, ransomware attacks, and natural disasters. A quality backup solution allows the user to “turn back the clock” after one of these events and restore their data or the entire system to a point prior to the calamity.

The first rule of a backup is that backup copies must be stored on a separate medium to prevent corruption or loss. Traditionally, this meant using an external device — anything from a USB stick to a tape drive. The more modern approach is to store the backup data remotely on the cloud.

What’s important is that the data is safely stored away from the primary data.

Backup copies then must be made on a regular and consistent basis to minimize the amount of data lost between backups. The frequency of backups depends on the user’s needs and depends on how much data they’re able to lose forever without significant negative effects. Unlike the process of “file syncing” which is often confused with backing up data, there should be no risk of malicious or accidental changes to the data overwriting the backup copies. (This would of course render them useless.)

7 backup strategies

There are many ways an end-user can execute their own backup strategy. Tradeoffs will be made in convenience, cost, reliability, and time as is usually the case with technology. While some of the least expensive options may be good enough for a lone user who wants to back up their personal files, they would be untenable for even a small business with multiple computers, shared drives, limited time, and an innate need to minimize risk.

Let’s look at the most common options out there:

1) Consumer plug-and-play devices

These options tend to be singled out by home users for their convenience. All one needs to do is buy the USB device, you plug it into their PC, and the backup starts. There’s no configuration needed, no software to install, and no fuss. Essentially, it’s a “foolproof” way for a consumer-level user to back up large amounts of data.

Unfortunately, this easy option comes with downsides. Firstly, there’s a blind reliance on the device itself. Because it’s so simple, it can be difficult for low-level users to ensure a complete and proper backup. For instance, some tested devices did not automatically back up all partitions of the hard drive even though they claimed to do so.

Another drawback can be cost. If someone wants to back up a multi-TB hard drive, they could be looking at devices that cost thousands of dollars. To get around this issue, it is possible to buy your own external hard drive and install automated backup software on that drive yourself.

Even if someone goes this route, it does leave one problem on the table. More than likely, this external hard drive will be sitting right next to the computer it’s backing up. This means it’s just as vulnerable to theft or destruction as the primary system.

2) Internet backup services

The above issue can be addressed as long as the user has a stable internet connection. Internet backup tools don’t require hardware, only software, and gives access to your data from any Internet-enabled computer. This saves the user the expense of buying a backup device or an external drive.

But…as you expected, there are drawbacks.

These systems are notoriously slow, for one. Complete backups can take days or even weeks because they run in the background and only use a minimal amount of data bandwidth while doing so. Because they’re so slow, most of these services don’t offer application or OS backups, so they’re not going to help much if a system is attacked with ransomware or fails outright.

3) Home network backups

Another consumer-level option is designed more for families who want to make sure every device in the household is protected. This simple setup involves buying a network-attached storage (NAS) storage device — a box containing one or more hard drives — and plugging it into your router via ethernet cable. Anyone on the network who has the right permission can access those hard drives.

NAS drives can store photo, video, and music files, as well as perform backups. Many NAS drives also work as print servers, giving connected PCs easy access to any network printer.

Most NAS drives come with software for backing up data. With that in place, every PC on the network has instant access to a large drive and automated backup capability. These devices are relatively easy to set up but can be costly. Home users can be looking at over $400 for a NAS unit, not counting the drives themselves.

As you can imagine, this is not an ideal option for small businesses. Again we face the issue of backup data being stored in the same location as the primary data. There are also configuration issues to be considered because the NAS backup solution still needs its automation to be set up by the user. Then the hardware needs to be maintained, protected, and eventually replaced. If not, the user may have to try to recover data from a dead hard drive.

In the modern world of cloud backups, it’s really just more trouble than it’s worth for most businesses.

4) Manual media backups

We have to mention this backup method, even if it’s largely for nostalgic reasons.

These days, you won’t find many people copying all of their large media files to DVD-Rs, but it was and still is a viable means of backing up data. It is inexpensive, but it can be tedious. It would not be the ideal way for a business to back up their important data, much less their entire system.

5) System disaster recovery

Now we’re getting into the more commonplace modernized options. A system (or disaster recovery) backup solution allows users to restore everything in one fell swoop. A few button presses or a call to the MSP or IT department, and the entire system can be rolled back to a previous version.

These methods typically use cloning or imaging to back up entire drives. Cloning involves transferring an exact copy of your main hard drive to another drive. To restore Windows, the user can then clone in the other direction or physically swap the drives.

Imaging involves copying a drive’s structure and contents into a compressed, but still very large, file on another drive. To restore the image and bring the system back to a previous restore point, the user must use the same image-backup software that created the backup. Most commercial systems use this method to save on costs and speed up their processes.

6) Archiving

Archiving is a slightly different cousin of backing up that mostly applies in two cases: businesses that need to adhere to data and privacy regulations, and users who want to preserve data for a very long time for personal reasons.

In the first case, businesses may need to archive emails or financial documents for a specified amount of time. Their IT specialist can easily meet these requirements using any number of tools, including backup solutions or dedicated archiving software.

For the personal user, archiving might simply mean saving digital media for posterity — i.e. storing digital family photos on DVDs to make sure they’re never lost, even fifty years down the road. In these cases, the most important step is choosing physical media that will last without corruption. While DVDs are considered safe to store indefinitely, there still isn’t reliable data on how long these discs will actually store data without corruption. One would certainly have safe storage issues to consider, as heat and light exposure would definitely degrade the media over time.

7) Multiple backups

Number seven is less a singular backup method and more of a backup strategy proper. It’s simply to have redundant backups whenever possible.

While the likelihood that both a primary system and a backup system will fail at the same time may be low (lower in some cases than others), there’s still always a possibility. For the ultimate peace of mind, a user should have backups of their backups.

This can be as simple as using a cloud-based backup solution as a primary backup, and then manually creating backups every so often on an external drive. There is relatively little risk to running redundant backups like this, although users should consult with their IT professional to determine how to get the most “mileage” from this kind of setup.

Backup and recovery best practices

Regardless of the backup strategy in play, there are best practices that should be followed to ensure the quickest, easiest, and most reliable recovery after a disaster.

  • Configure the correct backup frequency

Choosing frequencies is usually a balancing act between safety and cost/resource usage. At one point, most small businesses could get away with relatively infrequent backups. This isn’t so much the case now.

Thanks to ransomware, experts recommend everyone increase the frequency of backups to daily, or even multiple times per day. Incremental backup technology enables these rapid backups of almost any data set in a matter of minutes because only the changed file, not the whole drive, is copied to backup storage.

In-place recovery is another rapid response solution that is often recommended. While not as common among SMEs, these systems act as a failover for the entire IT environment, allowing the backed-up version of the system to run remotely so that the user can continue operating almost instantly. This saves the time of copying backup files back to the production drives before work can resume.

  • Align the backup strategy to service-level demands

Most organizations, even small businesses, rely on more than a dozen applications these days. Larger organizations may have more than 50 applications considered critical or important to their function. Most IT professionals don’t have the time required to audit these applications and determine backup priorities.

The recovery service level is a simpler way to dictate recovery times across all applications. It also determines backup frequency. If the service level is 15 minutes, then backups need to be done at least every 15 minutes. This is feasible with Block-Level Incremental backups, but can be untenable using other methods. Naturally, you wouldn’t (and couldn’t) run full backups at such a cadence.

  • Follow the 3-2-1 backup rule

The 3-2-1 rule of backup is simple and still applies:

Organizations should keep three complete copies of their data, two of which are local but on different types of media, with at least one copy stored off site.

An organization using this rule could back up to a local on-premises backup storage system, copy that data to another on-premises backup storage system, and then replicate that data to the cloud.

  • Chose cloud backup tools wisely

Cloud backup is a key consideration for organizations looking to revamp their data protection and disaster recovery strategy. IT professionals and MSPs should be careful not to assume that all backup vendors support the cloud equally. While many vendors offer cloud data backup — or even some close approximation of it — not all backup systems are flexible or reliable enough to entrust with their clients’ data.

  • Automate disaster recovery

The most common recoveries are those of a single file or single application, not complete disaster recoveries. You may need to recover from a failed storage system from time to time but it is extremely rare that an MSP needs to recover from a full disaster where the entire system is lost.

Of course, you still need to plan for the possibility of this type of recovery, especially with the rising threat of ransomware. In a disaster or cyberattack, IT needs to recover dozens of applications and those applications may be dependent on other processes running on other servers. In many cases the other servers need to become available in a very specific order, so timing of when each recovery can start is critical to success.

This is all a race against the clock, which is why automation is the MSP’s best friend when it comes to rapid response. By automating recovery playbooks when applicable, precious hours can be saved and SLAs met on time.

  • Protect endpoints and SaaS applications

Endpoints are becoming the new preferred target for cyber attackers, largely due to the effectiveness of phishing attacks that enter through the end user.  Laptops, desktops, tablets, and smartphones are also at risk for theft, and all contain valuable data that might be uniquely stored on them.

That said, we know that data on individual devices need backups just as readily as data on company servers. Endpoint protection is now more practical than ever thanks to the cloud. Modern endpoint backup systems enable endpoints to back up to the cloud, managed by the MSP.

Just as noteworthy, applications such as Office 365 and Salesforce are often overlooked by the organization under the assumption that data on these platforms is automatically protected. In truth, the user agreements for most common business applications make it very clear that data protection is the user/organization’s responsibility. MSPs must look for a data protection application that can also protect the SaaS offerings that their clients use.


The list of risks impacting business technology is already long and growing every year. Whether natural, accidental, or malicious, disaster can strike at any time and bring an organization to a halt. Modern IT-dependent businesses simply can’t afford for this to happen.

Thus the backup process is under more pressure than ever. Expectations are for no downtime and zero data loss. Many of the strategies we’ve outlined above simply can’t deliver those results.

Fortunately, purpose-built backup software can provide capabilities such as frequent intermittent backups, recovery in-place, secure cloud, DRaaS, and disaster recovery automation. Thanks to these modern technologies, providers like NinjaOne can deliver backup and recovery solutions that enable the organization to offer rapid recovery to a high number of applications without breaking the IT budget.

Next Steps

Protecting and securing important data is a crucial component in every organization. With NinjaOne Backup, you can protect your critical business data with flexible solutions designed for your modern workforce.

Learn more about NinjaOne Backup, check out a live tour, download our Backup Buyer’s Guide, or start your free trial of the NinjaOne platform.

You might also like

Ready to become an IT Ninja?

Learn how NinjaOne can help you simplify IT operations.

Watch Demo×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).