Backup Best Practices That Actually Work During a Cyberattack

When a cyberattack hits, backups stop being a line item on your IT checklist and become your business lifeline. As an MSSP, we’ve seen firsthand that the difference between a minor disruption and a full-scale business shutdown often comes down to one thing: whether your backups actually work when it matters most.

Unfortunately, many businesses assume they’re protected simply because they “have backups.” But during a ransomware attack or data breach, assumptions fail and execution is everything. Let’s break down what truly works — and what doesn’t — when your environment is under attack.

The Reality of Modern Cyberattacks

Today’s cyber threats are calculated, persistent and specifically designed to target your backups just as aggressively as your production data. Ransomware groups routinely:

  • Search for and delete backup repositories
  • Encrypt network-connected backup systems
  • Exploit weak credentials to gain full access
  • Dwell in systems long enough to corrupt backup integrity

If your backup strategy isn’t built with this reality in mind, it’s already outdated.

What Actually Works: Proven Backup Best Practices

The 3-2-1 Rule

You’ve likely heard of the 3-2-1 backup rule. It’s still essential, but on its own it’s no longer enough.

  • 3 copies of your data
  • 2 different storage types
  • 1 offsite copy

This is still a foundational best practice, but modern threats require expanding it to 3-2-1-1-0, which adds:

  • 1 immutable or air-gapped copy
  • 0 errors verified through testing
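The 3-2-1-1-0 rule can be checked mechanically against a backup inventory. The following is an added example, not code from the original post; the `Copy` fields, the `audit_32110` function and the sample inventory are hypothetical, and the production copy is assumed to count toward the three copies.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Copy:
    name: str
    role: str                      # "production" or "backup"
    media: str                     # e.g. "disk", "object-storage", "tape"
    offsite: bool
    immutable: bool = False        # object lock / WORM retention enabled
    air_gapped: bool = False       # offline, disconnected from the network
    restore_errors: Optional[int] = None  # last restore test; None = never tested

def audit_32110(copies):
    """Return 3-2-1-1-0 violations for one dataset; an empty list means compliant."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3: only {len(copies)} copies of the data")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"2: only one storage type ({', '.join(sorted(media)) or 'none'})")
    backups = [c for c in copies if c.role == "backup"]
    if not any(c.offsite for c in backups):
        findings.append("1: no offsite copy")
    if not any(c.immutable or c.air_gapped for c in backups):
        findings.append("1: no immutable or air-gapped copy")
    for c in backups:
        if c.restore_errors is None:
            findings.append(f"0: {c.name} has never been restore-tested")
        elif c.restore_errors > 0:
            findings.append(f"0: {c.name} last restore test had {c.restore_errors} errors")
    return findings

# Constructed sample inventory for one file server (not real data).
INVENTORY = [
    Copy("fileserver", "production", "disk", offsite=False),
    Copy("nas-backup", "backup", "disk", offsite=False, restore_errors=0),
    Copy("cloud-backup", "backup", "object-storage", offsite=True),
]

if __name__ == "__main__":
    for finding in audit_32110(INVENTORY):
        print(finding)
```

The sample inventory satisfies plain 3-2-1 but fails both added digits, which is the gap the extended rule is meant to expose.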

Immutable and Air-Gapped Backups

Immutable backups (data that cannot be altered or deleted) are one of the most effective defenses against ransomware. If attackers can access your backups, they can destroy them. That’s why immutability is critical. Effective strategies include:

  • Cloud backups with immutability settings (object lock)
  • Offline or air-gapped backups disconnected from the network
  • Backup systems with role-based access and strict authentication

These ensure that even if your network is compromised, your backups remain untouched.

Backup Frequency Matters More Than You Think

Many businesses still rely on nightly backups. In today’s threat landscape, that can mean losing an entire day — or more — of critical data. Best practices include:

  • Use incremental backups throughout the day
  • Prioritize mission-critical systems (servers, databases, M365, etc.)
  • Align backup frequency with your Recovery Point Objective (RPO)

If your business can’t afford to lose 8 hours of data, your backups shouldn’t be running once every 24 hours.
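One way to check backup frequency against an RPO is to measure the time between successful jobs, treating a failed run as no backup at all. This is an added example, not part of the original post; `rpo_gaps` and the job histories are hypothetical and constructed for illustration.

```python
from datetime import datetime, timedelta

def rpo_gaps(jobs, rpo, now):
    """Find windows where the newest restorable backup was older than the RPO.

    jobs: iterable of (ISO-8601 start time, status); only "success" counts.
    Returns a list of (last_good, next_good_or_now, exposure) tuples.
    """
    good = sorted(datetime.fromisoformat(ts) for ts, status in jobs if status == "success")
    if not good:
        return [(None, now, None)]      # nothing restorable at all
    gaps = []
    # Compare each successful backup with the next one, and the last one with "now".
    for prev, cur in zip(good, good[1:] + [now]):
        if cur - prev > rpo:
            gaps.append((prev, cur, cur - prev))
    return gaps

# Constructed job history: 4-hourly incrementals with one failed run.
JOBS = [
    ("2024-05-01T00:00:00", "success"),
    ("2024-05-01T04:00:00", "success"),
    ("2024-05-01T08:00:00", "failed"),
    ("2024-05-01T12:00:00", "success"),
]
# Constructed nightly-only schedule for comparison.
NIGHTLY = [
    ("2024-05-01T01:00:00", "success"),
    ("2024-05-02T01:00:00", "success"),
]

if __name__ == "__main__":
    for start, end, exposure in rpo_gaps(JOBS, timedelta(hours=4), datetime(2024, 5, 1, 14)):
        print(f"RPO exceeded between {start} and {end}: {exposure} of data at risk")
    for start, end, exposure in rpo_gaps(NIGHTLY, timedelta(hours=8), datetime(2024, 5, 2, 2)):
        print(f"Nightly schedule exceeds an 8-hour RPO: {exposure} between backups")
```

A single failed incremental doubles the exposure window in the first history, and the nightly schedule can never meet an 8-hour RPO.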

Regular Backup Testing

This is one of the most overlooked steps in backups. Here’s a hard truth: a backup you haven’t tested is a backup you can’t trust. We frequently encounter businesses that discover during an incident that:

  • Their backups are incomplete
  • Files are corrupted
  • Restore times are far longer than expected

Best practice:

  • Conduct routine restore tests (monthly or quarterly)
  • Test full system recovery—not just individual files
  • Validate recovery time objectives (RTO)

Testing ensures that your backups are not just present — but usable.
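A restore test can be scored automatically by comparing the restored files with hashes recorded at backup time and the elapsed restore time with the RTO. This is an added example, not part of the original post; `verify_restore`, the manifest format and the sample files are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large restores do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_restore(manifest, restore_root, elapsed_s, rto_s):
    """manifest maps relative path -> SHA-256 recorded when the backup was taken."""
    missing, corrupted = [], []
    for rel, expected in manifest.items():
        path = os.path.join(restore_root, rel)
        if not os.path.isfile(path):
            missing.append(rel)                 # incomplete backup
        elif sha256_file(path) != expected:
            corrupted.append(rel)               # content changed since backup
    rto_met = elapsed_s <= rto_s
    return {
        "missing": sorted(missing),
        "corrupted": sorted(corrupted),
        "rto_met": rto_met,
        "ok": not missing and not corrupted and rto_met,
    }

def demo():
    # Constructed sample: three backed-up files, then a flawed restore of them.
    source = {"db/orders.sql": b"INSERT INTO orders VALUES (1);",
              "docs/policy.txt": b"v1",
              "mail/inbox.pst": b"pst-bytes"}
    manifest = {p: hashlib.sha256(d).hexdigest() for p, d in source.items()}
    restored = dict(source)
    del restored["mail/inbox.pst"]              # simulate a file missing from the backup
    restored["docs/policy.txt"] = b"v1\x00"     # simulate silent corruption
    with tempfile.TemporaryDirectory() as root:
        for rel, data in restored.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        # Restore took 90 minutes against a 60-minute RTO (constructed values).
        return verify_restore(manifest, root, elapsed_s=5400, rto_s=3600)

if __name__ == "__main__":
    print(demo())
```

The demo reproduces all three failure modes listed above in one run: an incomplete backup, a corrupted file and a restore that overruns its RTO.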

Secure Your Backup Environment

Your backup system should be treated like a high-value target—because it is. Key security measures include:

  • Multi-factor authentication (MFA) on backup platforms
  • Dedicated credentials separate from your domain admin
  • Network segmentation to isolate backup infrastructure
  • Monitoring and alerting for unusual activity

A compromised backup system eliminates your safety net.

Don’t Forget SaaS and Cloud Data

A common misconception is that cloud providers fully protect your data. While platforms like Microsoft 365 and Google Workspace offer availability, they do not provide comprehensive backup or long-term recovery guarantees. You are still responsible for:

  • Email backups
  • SharePoint/OneDrive data
  • Teams and collaboration data

Without third-party backups, accidental deletions or malicious activity can be permanent.

What Doesn’t Work During a Cyberattack

Just as important as knowing what works is understanding what doesn’t. These gaps are exactly what attackers look for—and exploit.

  • Backups stored only on the same network
  • No immutability or offline copies
  • Shared admin credentials across systems
  • Infrequent or untested backups
  • Assuming your MSP or vendor “has it covered” without verification

Backups Are a Security Strategy

Backups are a critical component of your cybersecurity posture. When implemented correctly, they give you leverage during a ransomware attack. They allow you to restore operations without paying a ransom, minimize downtime and protect your reputation.

At the end of the day, the question isn’t if you’ll experience a cyber incident — it’s whether your business is prepared to recover from one. The organizations that recover fastest aren’t the ones with the most tools — they’re the ones with a tested, secure, and strategic backup plan.

If you’re not 100% confident your backups would hold up during a cyberattack, it’s time to take a closer look.

Contact our team today for a Backup & Recovery Readiness Assessment and ensure your business is protected when it matters most.

About Fortifi

Fortifi Cyber Security provides an outsourced monitoring and management solution that takes the burden off the shoulders of business owners, all while increasing cyber security resilience and decreasing security risks. Fortifi is an affiliate of Atlantic Technology Services (ATS), a Managed Service Provider (MSP) based in Salisbury, Maryland.

To learn more visit https://fortifics.com