blue background

Back Up Business Data

Protect your business from data loss and downtime.   

Back Up Sensitive Business Information  


Data loss due to cyberattacks, system failures, accidental deletion or natural disasters can halt operations and cause lasting damage. It’s a serious threat to small and medium businesses.  

That’s why regularly backing up your data is a critical part of your cybersecurity strategy. It’s also important to perform scheduled recovery tests to verify backup integrity, identifying potential compromises, and refine Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) to ensure business needs are met. This is especially important for businesses in the critical infrastructure supply chain, since many systems rely on your services to maintain operations. 
 

What is a backup? 

A backup is a secure copy of your business’s critical data, stored separately from your primary systems. In the event of a cyber incident, accidental deletion, system failure or disaster, you can restore your data and resume operations quickly. 
 

Why does this matter? 

According to Verizon’s 2025 Data Breach Investigations Report, ransomware figured into 44% of the breaches they investigated. Backups are your best hope of recovery from a ransomware attack. Backups also help your business bounce back quickly, with minimal disruption to the services people rely on.  

Backups help businesses: 

  • Recover quickly from ransomware or cyberattacks 
  • Avoid paying ransoms or losing critical data 
  • Ensure business continuity  
  • Reduce financial and operational impact 
  • Meet compliance and legal requirements 
     

Recovery without backups can take weeks or even months, and it may be impossible.  

Regular data backups are one of the most cost-effective ways to protect your business from interruptions. Backing up your data doesn’t have to be complicated!  

Develop a strong backup plan to ensure your business can recover quickly when facing cyber threats.


Three Steps for Backing Up Your Data   


Follow these essential tips to create a reliable strategy that protects your business from data loss.  

  1. Know what to back up. 

    Start by taking inventory of what important information resides on your network. This will give you an understanding of what you are protecting and who has access. A simple spreadsheet can help you track what you’re backing up. 

    Focus on sensitive and business-critical data such as: 

    • Customer and client records
    • Employee and HR information
    • Financial and payroll data
    • Emails and critical communications
    • Configuration files and software settings
    • Website and operational databases  

    Pay attention to how your data flows at rest and in transit, user behavior and activities, and what devices are involved. This gives you a solid baseline for security testing, continuous monitoring and security-based decisions.  

    Identify what data your business can’t operate without, like proprietary research, development files or financial records, and prioritize those for protection. 
     

  2. Follow the 3-2-1 backup rule. 

    Once you know what needs to be protected, it’s time to set up your backups. The 3-2-1 rule is a trusted guideline: 

    • 3 copies of important files
    • 2 different types of storage media (like a hard drive and the cloud)
    • 1 copy stored off-site, away from your business location 

    Choose a backup solution that runs automatically and regularly. Regular backups protect against ransomware and malware attacks. Use a combination of on-site and remote backups to protect against threats, hardware failures and physical damage. 
     

  3. Secure, test, and train. 

    Leverage protections for backups, including physical security, encryption and offline copies. 

    Test backup procedure to make sure your team can rapidly restore data both fully and partially, and to ensure you can roll back data at least seven days if needed.  Know how to access critical files even without an internet connection. If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.  

    Finally, train your team. A backup plan is only helpful if everyone knows how to use it. Write down your procedures and make sure your team can recover systems, networks and data from your backups. Everyone plays a part in data protection! 
     

printer icon with level up fact sheet

Printable Tips

Get the additional best practices in one handy, printable summary: “Level Up Your Cybersecurity Defenses.” 

GET IT NOW

No-Cost Backups & Business Guides—Share with Your IT Team

Stop Ransomware logo

Stop Ransomware

Review the Stop Ransomware Guide’s information on backing up data. Regular backups are one of the best ways to protect your organization from ransomware losses.  

Shields Up

Shields Up

Protect your business and adopt a heightened posture of cybersecurity. Follow CISA’s guidance to prepare for, respond to and mitigate cyberattacks.

JCDC Artificial Intelligence Cyber Tabletop Exercise

Infrastructure Resilience Planning Framework

Incorporate critical infrastructure resilience considerations into business planning. 

woman on her laptop at work

How to Protect the Data that is Stored on Your Devices

Learn how to protect your systems with this customizable guide. 

LEARN MORE

Use Logging on Business Systems

Encrypt Business Data

Share Cyber Incident Information with CISA

Secure Your Business

Small and Medium-Sized Business Resources

Cybersecurity Awareness Month