Backup and Restore: What You're Actually Paying For

Ransomware took down your accounting server Tuesday morning. Your IT person says "don't worry, we have backups."

Wednesday morning you're still down. Thursday you're restoring from tape. Friday you're still rebuilding because nobody documented the custom configurations.

This happens. It happens because "having backups" and "being able to restore" are different things.

What this solves

Ransomware recovery. The only real defense against ransomware is clean, offline backups you can restore from.

Hardware failure. When a server dies, you restore to new hardware. Without backups, that server is gone.

Accidental deletion. Employees delete things. Files get corrupted. Backups let you roll back.

Disaster recovery. Hurricane, flood, fire — if your building burns down, cloud backups let you rebuild somewhere else.

What can go wrong

Backups run to the same location as the original. Ransomware encrypts everything, including the backup drive sitting on the same network.

Nobody tests restores. You think you have backups. When you try to restore, the last six months are corrupted. Or the backup software expired. Or the credentials changed and backups have been failing silently for three months.

Retention doesn't match your needs. You back up daily. A file gets deleted Monday. Nobody notices until Thursday. Restore brings back Thursday's corrupt backup, and Monday's version is gone.

Cloud-only backups fail when internet is down. If your office internet goes down and your only backup copies live in the same cloud region as your servers, you have a problem.

Compliance violations. Industries like healthcare and finance have specific backup retention requirements. "We back things up" isn't enough.

What it costs (honest ranges)

Consumer cloud backup (Carbonite, Backblaze): $6-$20 per computer per month. Good for workstations, not servers.

Business backup solutions: $0.50-$2 per gigabyte per month for cloud backup. A typical 100GB server runs $50-$200/month.

Backup appliance + cloud (Datto, Barracuda, Veeam): $500-$2,000/month for small business packages. Includes local backup device plus cloud replication.

Disaster recovery as a service (DRaaS): $1,000-$5,000/month for full workload replication with failover capability.

Manual tape backup: $200-$500 per tape, plus drive hardware. plus the cost of driving tapes offsite. It's 2026 and some businesses still do this.

Unplanned downtime cost: The average SMB pays $5,000-$50,000 per hour of ransomware-related downtime. Your backup strategy is really buying insurance against that number.

Minimum viable implementation

1. Identify your critical data. Server files, databases, email, anything you'd pay ransom to recover. Map where it lives.

2. Implement the 3-2-1 rule. Three copies of data, on two different types of media, with one copy offsite. Example: production data + local backup + cloud backup.

3. Verify backup completion daily. Set up alerts so you know when backups fail. Silent failures are worse than no backups.

4. Test a restore quarterly. Pick a random file. Restore it. Document how long it took. If it takes 8 hours, plan for 8 hours of downtime.

5. Document your restore procedure. Who initiates a restore? What steps? What credentials? Write it down before you're in crisis mode.

Vendor questions (copy/paste)

Ask your backup vendor or MSP:

• Where are backup copies stored, and are they isolated from our production network?
• What's your recovery time objective (RTO) and recovery point objective (RPO) for our environment?
• Do you test restores, and how often?
• What happens if your service goes down — do we still have access to our data?
• Can you show me backup verification logs from the last 30 days?

If they can't show you logs proving backups are working, keep asking.

When to hire help

You've never tested a restore. This is the most common gap. Schedule a restore test now, with or without help.

Your backups are older than 30 days. Something is wrong. Either retention is misconfigured or backups are failing.

You have no offsite copy. Single location backups protect against hardware failure, not fire, flood, or ransomware.

Your RTO is measured in days. If recovering from backup takes longer than your business can tolerate being down, you need faster backup or a different strategy.

---

The question isn't "do we have backups?" It's "can we restore in time, from a clean copy, without paying ransom?" If you're not sure, find out before Wednesday morning.