Backup Now
File, database, and email backup. Automatic backup, unlimited versioning, and ransomware alert system.
- Company
-
Products
Products
New ProductCloud Server
Fully managed virtual server infrastructure. Setup in minutes, hourly billing and 24/7 expert support so you can focus on your business.
Try Now -
Solutions
Backup & Security
Data SecurityRansomware & encryptionCloud BackupSecure backup to data centersImage BackupFull disk image + fast recoveryOff-Site BackupOff-site disaster recoveryMobile BackupiOS & Android photos/contactsRansomware ProtectionAgainst ransomware attacksTwo-Factor Auth2FA account security - Plans
- Resources
- Partners
- Blog
How to Back Up Properly? 7 Golden Rules to Prevent Data Loss
Introduction: Thinking You Are Backing Up and Actually Backing Up Properly Are Not the Same Thing
Most businesses say “we take backups”; yet when a data loss actually happens, the backups turn out to be either corrupted, too old, or impossible to restore. According to Gartner research, more than 60% of companies that do not perform planned data-recovery tests are forced to shut down within a year of a serious data loss.
So what exactly is “proper backup”? The difference between taking backups and doing backup properly is like the difference between signing an insurance policy and verifying that the policy is actually valid. In this article we cover the fundamental rules of a backup strategy that will actually keep your organization’s data safe, the most common mistakes, and the advantages offered by modern backup solutions.
1. The Golden Rule of Backup: The 3-2-1 Strategy
In the world of data protection, the rule that has remained valid for decades and is recognized as an international standard is the 3-2-1 backup strategy:
- Keep 3 copies of your data (the original + 2 backups)
- Store them on 2 different media types (e.g., local disk + cloud)
- Always keep 1 copy off-site (outside the organization)
With the rise of ransomware threats, this rule has been updated to 3-2-1-1-0:
- 1 copy offline or immutable
- 0 verification errors (a tested backup)
Practical example: The original data of your accounting server lives on the server, one copy lives on a local NAS device, and another copy lives in the Narbulut Cloud Backup infrastructure. Because the cloud copy is both off-site and protected against ransomware (immutable), your data is safe even in the worst-case scenario.
2. Choose Backup Types Correctly
The same backup method is not suitable for every dataset. Choosing the right type lowers your storage cost and speeds up restore:
Full Backup
The entire data set is copied from scratch. It is the safest method, but requires the most time and storage. It is typically run weekly or monthly.
Incremental Backup
Only the data changed since the last backup is copied. It is fast and uses little space; however, a restore needs the full chain of backups.
Differential Backup
All data changed since the last full backup is copied. Larger than incremental, smaller than full. A restore needs only the last full backup and the last differential.
Synthetic Full Backup
Incremental backups are merged in the background to produce a new full backup. You get the benefit of a full backup without putting load on the production system.
For most enterprise scenarios, the healthiest setup is the combination of one full per week + an incremental every day.
3. Define Your RPO and RTO
Two critical metrics shape your backup strategy:
RPO (Recovery Point Objective)
How much data loss can you tolerate in a disaster? 1 hour, 1 day, 1 week?
RTO (Recovery Time Objective)
How long, at most, can you tolerate the system being down before it is up and running again? 15 minutes, 4 hours, 2 days?
| Data Type | Suggested RPO | Suggested RTO |
|---|---|---|
| ERP / Accounting Database | 15 minutes – 1 hour | 1 – 4 hours |
| File Server | 4 – 24 hours | 4 – 8 hours |
| Email System | 1 hour | 2 – 4 hours |
| Archive Data | 24 hours | 24 – 72 hours |
Setting up a backup plan without defining these values is like boarding a ship that has no destination.
4. Set the Right Backup Frequency
“We take a backup once a day at midnight” is no longer enough for most businesses in 2025. A backup taken at 23:00 means an 11-hour data loss if a data-loss event happens at 10:00 the next morning.
Recommended backup approaches for critical systems:
- Databases (SQL, PostgreSQL): Full backup + transaction log backups (every 15 minutes)
- Virtual machines: Hourly or 4-hour snapshot-based backups
- File servers: Continuous Data Protection (CDP) or 2–4 incremental backups per day
- Endpoint devices (laptops): Automatic incremental backups whenever the device is online
Modern backup solutions manage these schedules automatically, without user intervention.
5. Define the Right Scope of Data to Back Up
A frequent mistake: backing up the “important folder” but skipping the database or system state. A complete backup scope should include:
- Files and folders (user data, shares)
- Databases (SQL Server, MySQL, PostgreSQL, Oracle)
- Email server data (Exchange, Microsoft 365, Google Workspace)
- Virtual machines (VMware, Hyper-V, Proxmox)
- System state, registry, and Active Directory configuration
- Application configuration files
- Certificates, license files, and custom configurations
Important note: SaaS services like Microsoft 365 and Google Workspace do not back themselves up. The data in these services (email, OneDrive, SharePoint, Teams) needs to be backed up separately with a third-party backup solution. Under the shared-responsibility model, this responsibility belongs to the customer.
6. If You Don’t Test Your Backup, You Don’t Have a Backup
The second face of the golden rule of backup: regular restore tests. An untested backup is a backup you only think you have.
The minimum you should do:
- A monthly “single file restore” test for a randomly selected file or folder
- A full virtual machine or database restore test every three months
- An annual disaster scenario drill (DR drill) — all critical systems are brought up in a different location
- Measuring restore times and comparing them against the RTO target
Modern solutions let you perform these tests without affecting production, thanks to “instant recovery” and “sandbox restore” (verification in an isolated environment) capabilities.
7. Encryption, Versioning, and Retention Policy
Proper backup means not only copying data but also storing it securely and in a manageable way:
End-to-end encryption (E2E)
Data should be encrypted at the source, protected with TLS 1.2/1.3 in transit, and stored with AES-256 at the destination. The encryption key should be under the customer’s control alone.
Versioning
Not only the latest version of a file but its previous versions should also be retained. This makes it possible to roll a file back to its state three days ago — and saves the day, especially during ransomware attacks.
Retention Policy
KVKK and sector-specific regulations require certain data to be retained for specific periods. Your backup policy should manage these periods automatically.
Immutability
Preventing backups from being deleted or modified for a defined period is the strongest line of defense against ransomware attacks.
The 5 Most Common Backup Mistakes
- Keeping the backup on the same server or in the same location. Fire, flooding, or theft takes everything at once.
- Ignoring backup alerts. Failed-backup notifications can be ignored for days; when a critical moment arrives, the backup is not there.
- Treating cloud storage as a backup. OneDrive or Google Drive is a sync service; if you delete a file or ransomware encrypts it, the change is propagated to the cloud as well.
- Backing up only the “important folder”. Databases, system state, and application configurations get forgotten.
- Never testing the backup. Taking a backup is not the process — successfully restoring it is.
Secure Your Data with Narbulut
No matter how well you plan your backup strategy, you need a reliable solution to execute it. This is exactly where Narbulut comes in.
Narbulut is Turkey’s leading domestic provider of cloud backup and storage services. From individuals and SMEs to enterprises and public institutions, we deliver data protection solutions for a wide range of needs. Your data is stored in data centers located within Turkey, on KVKK-compliant infrastructure, with end-to-end encryption.
Key features of the Narbulut cloud backup platform:
- Automated and scheduled backups: Protects your data even while you sleep.
- Full, incremental and differential backup support: Build the backup strategy that fits your needs, flexibly.
- File, folder, SQL database, virtual machine and application-level backup: Manage every type of data from a single platform.
- Instant Recovery: A virtual machine or critical file is brought up from backup in seconds, no waiting required. Your RTO drops to minutes.
- Unlimited Versioning: Access an unlimited number of past versions of any file and easily roll back to the exact point in time you need.
- Reseller and enterprise portfolio management: A centralized management panel for partners to control multiple customers from a single point.
- Local support: Always by your side with a professional, fast Turkish-speaking technical support team.
Which Narbulut solution is right for you?
Easy Image Backup
Disk and volume image backup. Hybrid backup, universal restore, and LiveOS boot disk support.
Data security is not a cost line item — it is the foundation of your business continuity. After a data loss, it is too late to say “we wish we had taken backups”. Taking the right steps today is what allows your business to keep running tomorrow when disaster strikes.
