"No Backup, No Pity" – that was one of the first sentences my IT teacher drilled into me in vocational school. Back then, I thought it was a bit exaggerated. Until the day this statement turned out to be absolutely true.
We were supposed to create a website for a non-profit organization as part of a class project. Everything was prepared, the client stood punctually in front of the classroom, the excitement was great – and suddenly: panic. The central project server was dead. Hardware defect. No RAID, no backups – nothing. Outcome: Anyone who had secured their work locally or on a USB stick could present. The rest were left empty-handed. XAMPP on the laptop became a last resort. An experience that I’ll never forget.
What was then a school project, I unfortunately still encounter today – in companies. Sometimes it’s local data on an old computer, sometimes unsecured data on a NAS without a backup concept. And eventually, when something really does happen – whether it’s hardware failure, a cyberattack, or user error – the drama is big. But then the rule is: No Backup, No Pity.
Which Data Should I Back Up?
The topic of data backup is neglected in many firms. IT is there to function – but without a clean process and backup strategy, everything is like a patchwork quilt:
- Data on notebooks, desktops, and tablets
- Files on NAS and external hard drives
- Calendars and emails in various inboxes
- Data in cloud services, CRM, or ERP systems
So, the right question is not "What should I back up?" but rather: Where are the data that are important for my company located?
Often, it is more sensible to back everything up than to try to be selective. Especially if no one has the full overview.
Best Practice:
Central data storage. No local data. Whether on a NAS, a file server, or a cloud service – the client is just the access device. Companies with thin clients and terminal servers work according to this principle. But even without terminal servers, this is possible with central network drives and clean permissions management.
Advantage:
If a device breaks, the effort is minimal. Set up a new device, log in the user, done.
Overview of Backup Types
In the IT world, there are three basic types of backups:
1. Full Backup
A full backup saves all selected data completely – regardless of whether they have changed since the last backup or not.
Advantage:
- Simplest restoration. Disadvantage:
- Requires a lot of storage space and time.
2. Incremental Backup
An incremental backup only backs up the data that has changed since the last backup. There is usually an initial full backup followed by daily incremental backups.
Advantage:
- Very space-saving and quick. Disadvantage:
- To fully restore, you need the latest full backup and all subsequent incremental backups. If one fails, the data between them is lost.
3. Differential Backup
A differential backup saves all data that has changed since the last full backup.
Advantage:
- Faster than a full backup, but more comprehensive than an incremental backup. Disadvantage:
- Requires more storage space than an incremental backup but less than daily full backups.
In practice, we often see mixed forms – usually a weekly full backup combined with daily incremental backups.
How Should I Create Backups?
There are countless backup storage options — but not everything that sounds like a backup is one. It’s important to know: Services like Google Drive, Dropbox, or OneDrive are not full backups. They sync data, which is actually the biggest problem in the event of data loss or encryption: If the encrypted or deleted file is synchronized, it is gone everywhere. Additionally, from a GDPR perspective, storing personal data on US services is tricky and often not permissible.
Offline Backups
Offline backups are still trusted, but here too the storage medium matters:
- Flash storage, like USB sticks or SD cards, wears out quicker than you might think. Ask a photographer how they feel when the card with the employee photos suddenly becomes unreadable.
- External hard drives (HDDs) with large capacity are cheap but mechanically fragile. Another problem: Bit rot. This is the gradual data loss over years, even if the drive is not in use. Magnetic information fades, and suddenly the file is corrupted without anyone ever using the hard drive.
- SSDs are technically more robust, shockproof, and far more reliable. Theoretically, they shouldn’t experience bit rot. Still: In IT, the basic principle is that everything that can break will eventually break.
Therefore, the most important thing in any backup strategy is: Create redundancies.
Online Backups & NAS Solutions
In addition to classic offline backups, online backups are playing an increasingly important role – especially in conjunction with NAS systems (like those from Synology or QNAP).
A good example is Synology Active Backup for Business:
- This solution allows whole servers, virtual machines, PCs, and even Microsoft 365 or Google Workspace data to be backed up automatically.
- The backups are stored centrally on the NAS and can be managed via versioning.
- It’s important to note: The backups should also be encrypted on the NAS itself and ideally stored in a separate, write-protected folder.
Advantages:
- Automated, centralized backup of all key systems.
- Flexible restoration options – from individual files to the entire system.
- Combined with external backup synchronization, modern and secure backup concepts can be implemented.
Many NAS systems also offer their own cloud sync and offsite backup services. For example, a Synology NAS can upload all backups, encrypted, to an external backup server or a certified German cloud solution.
This is particularly important when it comes to adhering to the 3-2-1 backup rule:
- 3 copies of the data
- on 2 different media
- 1 of which is at an external location
Summary of the Most Important Backup Rules:
- Always encrypt backups.
- Store encryption keys securely offsite.
- Store backups in a write-protected manner.
- Set up offsite backups.
- Set up automated online backups using NAS backup tools like Active Backup.
- Perform regular restore tests.
My Tip: In the end, what matters is not how many backups you have, but whether they work in an emergency.
A Recent Case: HT-Hosting
Recently, the provider HT-Hosting ceased operations following a devastating cyber attack. According to their own statement, the Proxmox VE Cluster was "destroyed." The last backup status is unclear – customer reviews criticize that communication was sparse and apparently not all data could be restored.
In a statement on Trustpilot, they admitted:
"We are working with data recovery specialists to recover as much data as possible."
That doesn’t sound like a well-structured emergency plan. Although it was offered to upload backups to other providers, the key questions remain unanswered:
- How old was the backup?
- Why wasn’t a complete restoration possible?
- Was there an emergency documentation?
Such incidents are not rare. Many hosts and companies only realize in an emergency that their backup concept is full of holes. By the time that happens, it’s too late.
How Can I Prevent This?
Key points for a solid backup and recovery concept:
- Central Data Storage: Data doesn’t belong on local devices but on central servers, NAS systems, or cloud services.
- Regular, verified backups: A backup is only as good as its restore test. Regular restoration tests are mandatory.
- Define a Backup Strategy: Combination of full, incremental, and possibly differential backups.
- Multiple Backup Locations: At least one offsite backup (e.g., in another branch or at a reputable cloud provider).
- Emergency Plan and Documentation: Who is responsible for what and when? What is done in case of a failure? How is recovery performed? This must be documented in writing.