Why your backup might be a risk to your business

How can having a good thing like a backup be a risk to your business? Something as simple as backing up your company files has evolved into something so much more. 

Cybersecurity, GDPR compliance and even insurance requirements now mean that a standard backup solution may in fact not be enough. 

If your business is backing up to local USB drives or similar, then the chances are it is a genuine risk to your business, let me explain why. 


There are way too many stories about businesses having had a failure or disaster of some kind and when they turn to the backup to restore business-critical data, the backup is in fact corrupt and cannot be restored. This is because the backup is blindly repeated day after day and never tested.  If the drive you are backing up to is no good or there is an issue with the data being backed-up, then you have no backup at all and that can and does cause huge issues. 

Causing business problems. 

No backup is a problem regardless of whether you lose a day’s data, a week’s worth, or perhaps even more. The costs of losing even a few days data will have a knock effect for much longer. The costs of having to re-input all that data and potential lost business during that period will cause financial pain and some serious questions will have to be answered by those responsible for ensuring your IT systems and security are fit for purpose. 

Cybersecurity challenges  

A cybersecurity breach and having your data compromised can mean the loss of data or perhaps being locked out of using your PC altogether. In the event of such attacks, your backup is essential and the ability to restore your data or at least having access to it is essential to avoid being left unable to serve your customers or worse, losing the data of your customers. A backup that is fit for purpose is key. What every business requires from their backup is the peace of mind that in the event of such a breach, their backup is going to enable them to carry on with business as usual. Have you considered that your backup may, in fact, be a genuine threat to your business if it is not fit for purpose? 

Compliance issues 

A huge part of GDPR is ensuring that your business has the right technology and security in place that is adequate for the amount and type of personal data you hold. As part of the process, you must document how you ensure you secure personal data and where you keep it. If you are using a USB drive to backup data, you will have to then outline why you believe it is fit for purpose and where you store that drive and data to ensure that is safe and secure. With advancements in backup technology, having a single copy of your data backed up to a local USB drive is going to be hard to justify when more secure solutions are available and affordable for businesses with 10-15+ computers or even smaller businesses with significant amounts of personal data or even smaller amounts of sensitive personal data. If you do decide to use a USB drive or similar for your business backup, be sure to complete an impact assessment to document the risks of using this and justify your reasons.  

Insurance Reasons 

More often now, business insurance requires businesses to have a robust and modern backup in place. These are often referred to as Business Disaster Recovery solutions or BDR for short. The reason insurance companies insist on this is quite simple. The insurance company will insist you have done everything reasonable to protect and secure your data. Because BDR is now considered reasonable and affordable it is now often a minimum requirement for many business insurers.  


With all these things in mind, it may very well be the case that the backup you have in place is, in fact, a risk to your business and something that needs to be seriously considered. Technology has moved on and there are better solutions available that will keep your business data safe, secure and compliant. Yes, there are costs to these solutions but in all honesty, it is a small cost when you consider the damage that can be caused to your business should something go wrong. Can you afford to risk having anything other than a business grade BDR solution? If you believe your current solution is adequate, then be sure to document it for GDPR purposes, and if you are not willing to take that risk and want to learn more about BDR you can click here or contact us on 01843 572600.