Data Backup Essentials

Backups are your safety net when things go wrong. Here’s how to make sure your organisation’s important data can be recovered when you need it most.

Imagine losing access to your client records, financial data or emails overnight. Whether caused by a ransomware attack, hardware failure or accidental deletion, data loss can bring operations to a halt, and in the worst cases, the damage can be permanent.

For not-for-profits, the impact can be severe. From donor records and grant applications to client information, lost data may be difficult (and in some cases even impossible) to recreate, which can affect the people and communities you serve.

The good news is that with a few practical steps, you can make sure your organisation's data is both protected and recoverable, without it being complex or expensive.

This guide will walk you through what to back up, how to do it effectively, and what to consider when building a backup strategy that works well for your organisation.

What’s the difference between backups and retention?

When managing your organisation’s information, it is important to understand the difference between backup and retention. Although they both protect information, they serve different purposes and use different cloud‑based controls.

Understanding this difference helps organisations:

  • recover quickly from incidents such as cyber-attacks or accidental deletion
  • meet legal and regulatory obligations
  • reduce security risk and unnecessary data storage.

Backup

  • Purpose: Recover information after loss or damage
  • Method: Time‑based copies stored separately
  • Example use: Ransomware, accidental deletion, system failure

Retention

  • Purpose: Meet legal and governance obligations
  • Method: Policy‑based rules applied directly to information
  • Example use: Record keeping, audits, regulatory compliance

Learn more about the importance of data retention: Understanding backup and retention

What should you back up?

The first step is identifying the digital data and systems your organisation needs to operate day-to-day. This includes information that supports your staff, services and work, such as:

  • email and calendar data
  • working files, including documents, spreadsheets, and presentations
  • financial records, including payroll information
  • donor and fundraising data
  • client or member records
  • employee records, HR files, and legal documents
  • any specialist systems or software your organisation relies on.

A simple rule of thumb

Will losing the data disrupt your operations or take a long time to recreate? If yes, then it should be backed up.

What makes a good backup strategy?

The most important part of a backup strategy is making sure at least one copy of your data is kept separate from your main systems. This means the backup is not directly connected to your everyday computers or network. If something goes wrong, such as a ransomware attack that locks or damages your files, the backup is out of reach and remains safe. Having this separation ensures you can recover your data when you need it most.

This is often called an “offline” or “isolated” backup, and it can look like:

  • Using an external hard drive that is unplugged or disconnected from your network once the backup is complete.
  • Using a separate cloud service that is not connected to your day-to-day systems. There are dedicated third-party cloud backup services which allow you to securely store backups in their cloud environments.

The key point is that this backup copy should not be permanently connected to your network. If it is, it could be affected by the same incident that impacts your main systems.

A note on popular cloud productivity and collaboration suites

Microsoft 365 and Google Workspace include basic short-term backups to assist with accidental deletion, but these protections are often not comprehensive enough to protect against data loss during a cyber-attack or system failure. Check what is and isn’t covered to inform your decision making.

Discounted tech: Check out Connecting Up for discounts on software and technology to support your backup processes.

How often should you back up?

How often you back up should reflect how frequently your data changes and how much work you could afford to lose if you had to restore from your most recent backup.

Common backup frequencies include:

  • Weekly backups, which are usually a good starting point for most small not‑for‑profits, especially where data changes gradually and budgets are limited.
  • Daily backups, which are more suitable if your organisation relies heavily on email, shared files, or client systems and cannot afford to lose recent changes.
  • Real-time or continuous backups, which are typically unnecessary for most not‑for‑profits and are better suited to larger organisations with frequent data changes and higher IT budgets.

If you are unsure where to start, weekly backups are often a practical and affordable baseline, with the option to increase or decrease frequency according to your organisation’s needs.

Practical steps to get started

  1. List the data you cannot afford to lose

    Identify the information, documents, emails and data (such as client, financial or donor) your organisation needs to keep running. Include data stored in cloud services as well as locally on computers.

    READ: Data inventory pack: Getting your not-for-profit’s data in order

  2. Create a backup that is kept separate

    Set up at least one isolated backup using the methods outlined above, whether that's an external hard drive, a separate cloud service or both.

  3. Set backups to run automatically

    Choose a tool or service that backs up your data on a regular schedule, such as weekly or daily, so you do not have to remember to do it manually.

  4. Check that your backups work

    Once or twice a year, complete a test restoration from your backup to make sure the data can be recovered if needed.

  5. Keep backups safe

    Store physical backups in a locked place. Protect online backups with strong passwords and multi‑factor authentication.

  6. Assign someone to be responsible

    Make sure at least one person in your organisation is responsible for monitoring backups, running tests, and knowing how to restore data if needed. Having a backup is only useful if someone knows it exists and how to use it. For security purposes, it is important to understand who has permission to access the organisation’s backups.

  7. Document your backup processes

    Write down what is being backed up, where it is stored, how often backups run and who is responsible for maintaining them. It doesn’t need to be a complex document. A simple one-page document can go a long way in ensuring anyone in your organisation can understand and follow the process. If you have an Information Security Policy, include the backup information as a section in the broader policy to keep all the key information in one place.

    READ: DIY information security policy template for not-for-profits
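
For step 4, a test restoration is only meaningful if the restored files are checked against what was backed up. The following is an added example, not part of the original guide: it assumes a list of file checksums is recorded when the backup runs, and the function names, folder names and sample files are hypothetical and constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_restore(expected, restored_dir):
    """Compare a manifest recorded at backup time with a restored folder."""
    restored = manifest(restored_dir)
    return {
        "missing": sorted(set(expected) - set(restored)),
        "changed": sorted(k for k in expected.keys() & restored.keys()
                          if expected[k] != restored[k]),
        "extra": sorted(set(restored) - set(expected)),
    }


def demo():
    """Constructed sample: one file restores intact, one truncated, one missing."""
    with tempfile.TemporaryDirectory() as tmp:
        original, restored = Path(tmp, "original"), Path(tmp, "restored")
        for d in (original, restored):
            (d / "finance").mkdir(parents=True)
        (original / "donors.csv").write_text("id,name\n1,Sample Donor\n")
        (original / "finance" / "payroll.csv").write_text("staff,amount\nA,100\n")
        (original / "clients.csv").write_text("id,client\n7,Sample Client\n")
        expected = manifest(original)  # recorded when the backup ran
        (restored / "donors.csv").write_text("id,name\n1,Sample Donor\n")
        (restored / "finance" / "payroll.csv").write_text("staff,amount\n")  # truncated
        return compare_restore(expected, restored)  # clients.csv never restored


if __name__ == "__main__":
    for status, files in demo().items():
        print(f"{status}: {files}")
```

Compare against a manifest saved at backup time rather than against live files, because anything edited since the backup would otherwise show up as changed.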

Keep it simple and protect your data

A backup strategy doesn't need to be complicated. At its core, it's about making sure that if something goes wrong, your organisation can get back up and running without losing critical data.

Start by identifying what matters most, make sure at least one copy is stored separately from your main systems, test it regularly to confirm it works and, most importantly, document how this is done.
