NodeBridge IT

Data backup and ransomware recovery

Backups matter most on the day you need them. This guide explains the 3-2-1 backup rule in plain English, what a real recovery plan should include, and how to ask better questions before you hire an IT provider.

The short answer

A backup is a separate copy of your business data and systems that you can use if files are deleted, corrupted, encrypted by ransomware, or lost after a hardware failure. Ransomware is malicious software that locks or encrypts your files and demands money.

The simple rule many providers use is the 3-2-1 backup rule. That means 3 copies of your data, on 2 different types of storage, with 1 copy kept offsite. "Offsite" means in a different physical place or isolated cloud location, not just another folder on the same office server.

A tested backup matters more than a backup you only hope will work. If a provider says, "we can restore it," ask what was tested, how often, how long recovery usually takes, and whether they have restored a full server, cloud account, or line-of-business app like yours before.

What it means for your business

For most small and mid-sized businesses, backup is really about downtime, lost work, and stress. If payroll, customer files, inventory, email, accounting, or scheduling systems go down, the question is not only "Do we have a backup?" The question is "How much can we afford to lose, and how fast do we need to be back up?"

A good managed IT services provider, also called an MSP, should help you sort systems by importance. Your accounting server may need faster recovery than an archive of old design files. Your cloud email may need mailbox backup even if Microsoft 365 or Google Workspace already stores data in the cloud, because built-in retention is not the same thing as a full business recovery plan.

This also affects cyber insurance, contracts, and compliance rules. Requirements vary by industry and state. If you handle health information, payment cards, or sensitive client records, you may have specific retention, recovery, or documentation needs under rules such as HIPAA (the Health Insurance Portability and Accountability Act) or PCI DSS (the Payment Card Industry Data Security Standard).

What 'we can restore it' should really mean

In plain terms, recovery should mean more than copying a few files back. It can mean restoring one deleted folder, one employee laptop, a cloud mailbox, a full server, a virtual machine, or an entire office after a major event. The right question is, "Restore what, to where, and how long does that usually take?"

Ask about two practical targets. The first is how much recent data you could lose. The second is how long the business could be down while systems are rebuilt. Many providers use formal terms for this, but you do not need technical language to ask the question clearly.

You should also ask how backup tests are done. A real test may include restoring random files, restoring a full system into a test environment, and confirming the restored data actually opens and works. If a provider only says backups are "green" or "successful," that usually describes the copy job, not whether your business can actually run from the restored data.
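For readers who want to see what a restore test checks, here is a short Python sketch. It is an added example, not part of the original guide or any provider's tooling, and the function names and sample files are constructed for illustration. It records a fingerprint of every file at backup time, then checks a restored folder against that record, optionally on a random sample of files.

```python
import hashlib
import random
import tempfile
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # read in chunks so large files fit
            h.update(chunk)
    return h.hexdigest()

def build_manifest(source):
    """Backup time: record relative path -> SHA-256 for every file."""
    return {p.relative_to(source).as_posix(): sha256_of(p)
            for p in source.rglob("*") if p.is_file()}

def verify_restore(manifest, restored, sample_size=None, seed=None):
    """Restore test: compare restored files (all, or a random sample) to the manifest."""
    names = sorted(manifest)
    if sample_size is not None and sample_size < len(names):
        names = sorted(random.Random(seed).sample(names, sample_size))
    report = {"ok": [], "missing": [], "mismatch": []}
    for name in names:
        target = restored / name
        if not target.is_file():
            report["missing"].append(name)      # never came back from backup
        elif sha256_of(target) != manifest[name]:
            report["mismatch"].append(name)     # came back, but contents differ
        else:
            report["ok"].append(name)
    report["passed"] = not (report["missing"] or report["mismatch"])
    return report

def demo():
    """Constructed sample: one file restored intact, one altered, one absent."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        (src / "accounting").mkdir(parents=True)
        (dst / "accounting").mkdir(parents=True)
        (src / "accounting" / "ledger.csv").write_text("date,amount\n2024-01-02,100\n")
        (src / "payroll.txt").write_text("constructed payroll data\n")
        (src / "customers.txt").write_text("constructed customer list\n")
        manifest = build_manifest(src)
        (dst / "accounting" / "ledger.csv").write_text("date,amount\n2024-01-02,100\n")
        (dst / "payroll.txt").write_bytes(b"\x00\x9f not the original bytes")
        return verify_restore(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

A matching fingerprint shows the file came back unchanged; it does not show that an application or database starts from the restored data, which is why a full-system test restore is still worth asking about.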

Honest numbers

Backup and recovery costs vary a lot. The real number depends on headcount, number of devices, how much data you keep, whether you run servers in the office, how many cloud apps you use, your security needs, your recovery speed goals, and your area. These ranges are not quotes.

For a very small office with mostly cloud software and basic file backup, you may see backup-related costs starting around $10 to $30 per user per month, or a small monthly minimum. If laptops, Microsoft 365 or Google Workspace backup, and basic file recovery are included in a broader managed service plan, the backup line may not be priced on its own.

For businesses with servers, larger file sets, longer retention, image-based backup, disaster recovery options, or stricter compliance needs, costs can move into the low hundreds to several thousand dollars per month. There may also be setup charges for mapping systems, setting retention rules, seeding large data sets, or replacing old backup hardware.

Recovery itself can also have costs. Some providers include routine restores in a monthly plan. Larger disaster recovery events, emergency after-hours work, replacement hardware, cloud recovery infrastructure, or application rebuilds may be billed separately. Ask what is included before there is an emergency.

Questions to ask before you choose a provider

You do not need to become an IT expert. You just need clear answers in plain English. A good provider should be able to explain the backup plan without hiding behind jargon.

If you are comparing options, ask each provider for the same basic information so you can compare fairly. You can also review our services and more plain-language answers if you are still getting familiar with managed IT.

  • What exactly is being backed up: laptops, servers, cloud email, shared files, business apps, or all of the above?
  • How often are backups taken, and how much recent work could we lose in a worst-case event?
  • Where are backups stored, and is at least one copy offsite and separate from our main environment?
  • How long are backups kept, and can you show the retention schedule in simple terms?
  • How often do you test restores, and what kind of restore was tested most recently?
  • If ransomware hits, what is the step-by-step recovery process, and what would depend on third parties?
  • What is included in the monthly service, and what restore or disaster work could cost extra?
  • Will you document the recovery plan so a non-technical owner or office manager can understand it?

What to do next

Start with a short list of what would hurt most if it disappeared for one day, three days, or one week. Include accounting, customer records, email, payroll, shared files, line-of-business apps, and any computers or servers that run the business. This gives an MSP a practical starting point.

Then ask for a backup and recovery review in plain English. You are looking for a provider who explains tradeoffs clearly, tests restores, and gives honest limits. No honest provider promises zero downtime, an unhackable network, or perfect recovery in every scenario.

If you want help finding a fit, NodeBridge IT can help you find an independent managed IT provider. We are a free matching service. We do not manage, monitor, secure, repair, or access your systems or accounts. We only collect basic business and contact details so we can connect you with providers that serve your area and needs.

An honest note

NodeBridge IT is a free matching service, not an IT provider. The information here is general and educational — confirm scope, SLAs, and price in writing with any provider before you sign. No one can guarantee uptime, security, or recovery.

In plain English

A backup plan is only as good as the restore test behind it, so ask what is backed up, how fast it can be recovered, and what that will really cost.

Common questions

Is cloud storage the same as backup?

Not always. Cloud storage syncs files across devices, but sync can also spread deletions, corruption, or encrypted files. A real backup keeps separate, recoverable copies with retention over time.

Do we still need backup if we use Microsoft 365 or Google Workspace?

Often, yes. Those platforms provide strong availability features, but that is different from a complete business backup and recovery plan. Ask specifically about email, files, user accounts, and retention.

What does 3-2-1 backup mean again?

It means 3 copies of your data, on 2 different types of storage, with 1 copy offsite. The goal is to reduce the chance that one failure, one mistake, or one attack wipes out everything at once.

Can a backup stop ransomware?

No. Backup helps you recover after damage, but it does not prevent every attack. Good providers usually pair backup with other protections such as multi-factor authentication (MFA) and endpoint detection and response (EDR), which watches devices for suspicious behavior.

How often should backups be tested?

There is no one schedule that fits every business, but testing should be regular and documented. The more important a system is, the more often you should expect meaningful restore tests, not just reports that a backup job ran.

Will backup guarantee we never lose data?

No honest provider will promise that. Backup lowers risk and improves recovery options, but results depend on what was protected, when the last good copy was taken, what was tested, and what systems were affected.
