Best Backup Strategy After Digitisation

Once your documents are digitised, the digital files become your primary (and potentially only) record. If those files are lost — through hardware failure, ransomware, accidental deletion, fire or flood — you may have no way to recover the information. A robust backup strategy is not optional after digitisation. It is the foundation on which the entire investment rests.

The 3-2-1 Backup Rule

The 3-2-1 rule is the widely accepted minimum standard for data protection:

• 3 copies of your data — the original (working copy) plus two backups
• 2 different media types — so that a failure affecting one type does not destroy both backups (for example, cloud storage plus local NAS, or SSD plus tape)
• 1 off-site copy — geographically separated from your primary location, so a localised disaster (fire, flood, theft) does not destroy everything

Some organisations now extend this to 3-2-1-1-0:

• 1 immutable copy — a backup that cannot be modified or deleted, even by an administrator, for a set retention period. This protects against ransomware and insider threats
• 0 errors — regular backup verification and restore testing to ensure backups are actually recoverable

Backup Methods

Local NAS (Network Attached Storage)

A NAS device sits on your local network and provides shared storage accessible to all authorised devices. Good NAS units (Synology, QNAP) support RAID configurations that protect against individual drive failure.

• Cost: £500-£3,000 for a quality NAS with drives, depending on capacity
• Speed: Fast backup and restore over the local network
• Capacity: Easily scalable — add or replace drives as needed
• Limitation: Still on-site — vulnerable to fire, flood, theft and power events. A NAS alone does not satisfy the off-site requirement of 3-2-1

Cloud Backup

Cloud backup stores copies of your data in a provider’s data centre. For UK businesses, choose a provider with UK or EU data centres to satisfy data sovereignty requirements under UK GDPR.

• Providers: Backblaze B2 (excellent value), AWS S3 (highly scalable), Microsoft Azure Blob Storage, Wasabi (competitive pricing, no egress fees)
• Cost: £3-£10 per TB per month for storage, plus egress fees when restoring (except Wasabi and some Backblaze plans)
• Advantage: Automatic off-site protection, no hardware to maintain, typically includes redundancy across multiple data centres
• Limitation: Restore speed depends on internet bandwidth. Restoring 5TB over a typical UK business broadband connection could take days

Tape Backup

Tape (LTO) might sound old-fashioned, but it remains the most cost-effective medium for very large archives and is widely used by organisations with petabytes of data.

• Cost: LTO-9 tapes hold 18TB (45TB compressed) and cost approximately £100-£150 per tape. Tape drives cost £3,000-£8,000
• Advantage: Extremely low cost per TB for large archives, physically portable for off-site storage, inherently air-gapped when removed from the drive
• Limitation: Sequential access (slow to restore individual files), requires dedicated hardware, tapes degrade if stored in poor conditions
• Best for: Organisations with very large digitised archives (multiple terabytes) where cloud egress costs for full restores would be prohibitive

Testing Restores

A backup you have never tested restoring from is not a reliable backup. Organisations regularly discover — at the worst possible moment — that their backups were incomplete, corrupted, or configured incorrectly.

Implement a regular restore testing schedule:

• Monthly: Restore a sample of files from each backup destination and verify they open correctly and are complete
• Quarterly: Perform a larger test — restore an entire folder or project and verify against the original
• Annually: Simulate a full disaster recovery scenario — restore the entire archive from backup as if the primary storage had been destroyed. Time how long it takes. Can your business function during that recovery window?

Ransomware Protection

Ransomware is designed to encrypt your files and, increasingly, to seek out and encrypt or delete backups as well. A backup strategy that does not account for ransomware is incomplete.

Air-Gapped Backups

An air-gapped backup is physically disconnected from your network when not actively performing a backup. This means ransomware on your network cannot reach it. Options include:

• External hard drives that are connected only during backup windows, then disconnected and stored securely
• Tape cartridges removed from the drive after backup
• NAS devices powered off or network-disconnected between backup windows (less convenient but effective)

Immutable Storage

Cloud providers offer immutable storage options where data, once written, cannot be modified or deleted for a defined retention period — not even by an account administrator:

• AWS S3 Object Lock
• Azure Immutable Blob Storage
• Backblaze B2 Object Lock
• Wasabi Object Lock

This protects against ransomware that compromises admin credentials and attempts to delete backups — the immutability is enforced at the infrastructure level.

Retention of Backups

Backup retention should match your document retention requirements:

• If you must retain financial records for six years, your backups must cover that period — either through long-retention backup sets or by ensuring the primary archive is itself backed up throughout
• Consider versioning — keeping multiple backup versions allows you to recover from a corruption or deletion that is not discovered immediately (point-in-time recovery)
• Be aware that backups of personal data are subject to GDPR. If you delete personal data from your primary archive (under a Subject Access Request or retention policy), it should also be removed from backups — or you need a documented process for handling SAR requests against backup data

Encryption of Backups

Backups should be encrypted, particularly off-site and cloud copies:

• Encrypt before transmission (client-side encryption) for maximum security — even the cloud provider cannot read your data
• Use AES-256 encryption as a minimum standard
• Store encryption keys separately from the backups — if the keys are on the same system as the backup, an attacker who compromises one has both
• Document your encryption process and key management — if the person who set up the encryption leaves the organisation, you need to be able to decrypt your own backups

Disaster Recovery Planning

A backup strategy is part of a broader disaster recovery plan. For a digitised archive, your DR plan should answer:

• Recovery Time Objective (RTO): How quickly do you need access to your documents after a disaster? Hours? Days?
• Recovery Point Objective (RPO): How much data can you afford to lose? If you back up daily, you could lose up to one day’s new documents
• Priority order: Which records are most critical? Restore those first
• Communication: Who needs to know, and what do they need to do, while recovery is underway?
• Alternative access: Can staff access cloud backups directly while on-premise systems are restored?

UK-Specific Considerations

• Data sovereignty: Under UK GDPR, personal data should be stored in the UK or a jurisdiction with adequate data protection. Choose backup providers with UK or EU data centres
• Cyber Essentials: The UK government’s Cyber Essentials scheme includes backup requirements. Certification may be required for government contracts
• ICO guidance: The Information Commissioner’s Office recommends regular backups as part of appropriate technical measures under UK GDPR Article 32
• Insurance: Cyber insurance policies increasingly require documented backup and recovery procedures. Check your policy requirements

Get a Free Quote

Every project is different, so the best way to understand your options is to get in touch with our team. We provide clear, no-obligation advice — usually within the same day.

Call us on 01691 650355 or use the form below.