What Data Should a Small Business Back Up?

Small businesses often know they need backups, but the harder question is what should actually be backed up. The answer is not “everything” by default. The answer is the information and systems the business needs to operate, serve clients, recover finances, meet obligations, and resume work after disruption.

A practical backup plan starts with business impact. If a system disappeared tomorrow, what would stop? Who would be affected? How long could the business work around it? What data would be painful or impossible to recreate?

Start With Core Business Data

Core business data usually includes the records needed to serve clients, bill customers, pay vendors, manage staff, and continue daily operations. This may live across several systems, not just one file server.

• Client files and project documents
• Accounting and invoicing data
• Payroll and HR records
• Contracts, proposals, and signed documents
• Operational procedures and internal knowledge
• Databases used by line-of-business applications

Do Not Assume Microsoft 365 Is Fully Backed Up

Microsoft 365 has retention and recovery features, but that does not always equal a complete backup strategy. Email, OneDrive, SharePoint, Teams files, and shared mailboxes may need separate backup decisions depending on business risk, retention needs, and recovery expectations.

If Microsoft 365 is central to the business, review whether mailboxes, OneDrive, SharePoint sites, Teams-connected files, and shared mailboxes can be restored in the way the business expects.

Include Cloud Apps And SaaS Platforms

Many small businesses have important data in cloud applications: CRM systems, accounting platforms, scheduling tools, ticketing systems, project management apps, marketing platforms, and industry-specific software. Some provide export or recovery options, but the business should understand what those options are.

Ask whether the data can be exported, how often exports should happen, where exports are stored, and who is responsible for checking them.

Back Up Configuration And Access Information

Recovery is not only about files. It is also about knowing how systems were configured. Network settings, DNS records, firewall rules, Microsoft 365 settings, vendor contacts, license information, and recovery keys can all matter during an outage or transition.

• Network diagrams and important settings
• Domain, DNS, and website access records
• Admin accounts and emergency access procedures
• Software license and vendor details
• Recovery keys and encryption information

Think About Devices Separately

Not every laptop needs a full device backup if business files are properly stored in OneDrive, SharePoint, or another managed system. But if staff save important data locally, that creates risk. Device backup decisions should match how people actually work, not how the business assumes they work.

Decide How Long Data Should Be Kept

Backup retention should be intentional. Some data only needs short-term recovery. Other records may need longer retention for business, legal, insurance, or compliance reasons. Retaining everything forever can create cost and management issues, but deleting too quickly can create business risk.

Test Recovery, Not Just Backup Jobs

A backup is only useful if recovery works. Test restores for important systems, especially Microsoft 365 data, accounting files, client files, and operational documents. The test does not need to be dramatic. It just needs to prove that important data can be restored when needed.

A Practical Next Step

Make a simple list of the systems your business would need in the first day after a disruption. Then check whether each one is backed up, monitored, and recoverable. OnlineV helps Calgary businesses review backup coverage, Microsoft 365 backup needs, and recovery expectations without turning the process into a complicated project.