© Systems AXIS Limited,
2026.
axisfirst is a trading style of Systems AXIS Ltd. Head Office: AXIS House, 53/55 St Mary Street, Bridgwater, Somerset, TA6 3EQ. Registered Company 2370905 | VAT No. GB 515 8599 12
BUSINESS CONTINUITY
UK SME Owner's Guide To Backing Up & Recovering Your Business
Written by Lee Tebby
World Backup Day on 31st March is an annual reminder to think about and review your business continuity and disaster recover plans ensuring your business data can be restored quickly, confidently and completely. Because in reality, most UK business owners only ever worry about checking their backups when something has gone wrong.
If you run a SME, your data isn't just 'files'. It's invoices, customer records, contracts, designs, emails, product brochures, product photographs, project plans, HR policies, employee details and applications that keep cash flowing into your organisation. Lose access to those applications and your data and you're not only inconvenienced, you could potentially be unable to trade.
What is World Backup Day?
Starting online in 2011, World Backup Day has grown into a global reminder: don't be an April Fool - back up your data. The point is to build a routine so that a lost laptop, a wrong click in a phishing email or a ransomware incident doesn't become and existential crisis.
For UK SMEs in 2026, that routine matters because hybrid working is normal, cloud apps are everywhere, hackers are targeting small organisations precisely because of their lean IT and there is more and more regulation around protecting personal and business-critical information.
The Real Cost
Backup, disaster recovery and business continuity planning all play an important role. Because when data loss occurs, the damage is a combination of:
- Downtime - unproductive employees, lost revenue, delayed project delivery
- Disruption - unable to raise invoices, process orders, book deliveries, pay staff
- Impact - reduced customer service, slow response, delayed shipments, reputation
- Compliance / Contractual Risk - personal data, obligations not met, unable to produce records
- Recovery Cost - equipment replacement, recreation of work, emergency out of hours support
- Stress - firefighting, losing business, unknown timescales, not generating revenue
Why backups fail
When you first start a business, your backup 'strategy' typically begins with an external USB hard disk and copying a folder now and then. Or maybe assuming cloud platforms like Microsoft 365 / Google Workspace / Dropbox equals a complete backup. However, the gaps in this 'cross your fingers and hope you can recover your data' approach becomes obvious when you delete something and need to recover it again.
But as your business grows, you implement systems, you rely on applications, you have more than just 'files' that need backing up.
- One Place - single external drive, a single cloud account, network attached storage device
- Untested - only restore during a data loss emergency
- Retention - discover missing files months after they were deleted and only hold 30 days
- Shadow IT - latest versions are on a local desktop or personal folders so not backed up
- Ransomware - encryption can be applied to a connected local backup by an attacker
2 Key Business Questions
You don't need to be an expert backup specialist, but you do need to answer two key questions to build the right strategy for your business.
- How much can we afford to lose?
- How fast must we recover?
Armed with that information, you can set two targets:
- Recovery Point Objective (RPO) - the amount of data you can afford to lose in time (E.G. 4 Hours)
- Recover Time Objective (RTO) - how quickly you need to be back up and running (E.G. 8 Hours)
Modern Backup Strategy
In the 1980s/1990s a classic 3-2-1 or Grandfather-Father-Son was considered the go-to strategy for most businesses. In modern times, ransomware has increased the risk and the requirement to strengthen your approach to data backup.
Onsite, Offsite and Offline ensuring that you have at least 3 copies of your data, you use 2 or more types of technology and one copy is immutable so it cannot be encrypted or deleted by ransomware.
Add to this regularly test restores ensuring you know your backup works and you have a modern day strategy.
Our Approach
Changing backup solution is not a decision we take lightly, however the backup solution we use offers greater performance, reliability and flexibility.
- Enhanced Performance - More efficient compression, enables us to reduce the time backups take to run and reduces the impact on your internet bandwidth. This results in fewer backup timing issues which can lead to server performance and availability issues.
- Cloud First - For deployments where we are backing up to an onsite storage location such as a Network Attached Storage (NAS) device, this backup is cloud first, then duplicated to the local device as opposed to NAS first then to the cloud. This means that backups to the cloud are not interrupted by a NAS failure, shutdown or capacity issues.
- Greater Backup Destination Diversity - Dual cloud destination backups offer greater protection over the current solution.
- Cloud Native - Streamlined product upgrades and feature enhancements.
- Additional Capabilities - Opt-In to a scheduled automated backup testing plan
We devised a default backup schedule (shown in the table below) that is designed to optimise performance, bandwidth usage, storage capacity and cost. This information should be incorporated into any disaster recovery and business continuity plans that you have.
| Backup Type | Default Retention Period |
|---|---|
| All 'Intra-Daily' Backups | 8 Days |
| Daily Backup | 31 Days |
| Weekly Backup | 6 Weeks |
| Monthly Backup | 12 Months |
| Yearly Backup | 3 Years |
Intra-Daily Backups are where backups of changes occur throughout the day. These may or may not be configured depending on the type of server or workstation being backed up and the rate of change of your data.
By default, your new backup destinations will be set as below:
| Backup Source | Hyper-V Virtual Machine | Physical Windows Server | Desktop PC / Apple Mac | Azure Virtual Server | Azure Virtual Desktop |
|---|---|---|---|---|---|
| Destination1 | Cloud Storage Vault 1 - Immutable - 30 Days | ||||
| Destination2 | Cloud Storage Vault 2 (Separate to Vault 1) - 3 Years | ||||
| Destination3 | Local NAS/USB - 3 Years (Subject to Capacity) | Not Applicable | |||
Run a 'test' restoration of your data every 30 days. With each test restore, a virtual machine is created and booted up to check that it is bootable. A screenshot of the login screen is also be provided as verification.
A Practical Backup Plan - An Example To Follow
- Inventory - list all systems and data that would stop you trading if they disappeared
- Email
- Microsoft 365 files and folders
- Customer Relationship Manager database
- Line of Business Applications (Sage/Xero)
- Server / NAS files and folders
- Laptops / Desktop files and folders
- Passwords / Multi-Factor Authentication
- Network Settings - Set Targets
- RPO
- RTO
- Retention - Cover
- Cloud Servers / Services
- Physical Servers
- Endpoint Devices - Laptops, PCs - Resilience By Design
- Ransomware
- Immutable
- Multi-Factor Authentication
- Least Privilege Access
- Separate Backup Admin Account - Regular Testing
- Monthly
- Document Process
- After Any Major Changes
UK Considerations - Information Governance
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, organisations are expected to apply 'appropriate' security to the personal data that they hold or which they handle on behalf of another organisation. This includes the availability and integrity of the data which ties into the backup and recovery strategies you adopt in your business.
- Some types of data legally require long retention periods
- Access controls apply to backups as much as they do to live data
- Information requests may mean you need to restore data in the event of an audit, you need to be confident
- Readiness if you were to suffer a security breach, you need clean data to restore
This article is purely guidance for SME business owners and not legal advice. If you’re unsure about regulatory obligations, speak to a qualified adviser.
In Summary
World Backup Day is a great prompt, but it is not a box ticking exercise on every 31st March. The goal is simple, if something goes wrong next week, you have a plan and know who to call and what to do to restore what matters. Pick one improvement today that makes your business measurably safer.
If you outsource to a managed service provider like us, ask them to walk you through your RPO and RTO and whether they are performing test restoration of your data. Ask how your backups are protected from ransomware.
After all - backup is only half the story - recovery is the real value.