Most Durban SME owners have a backup. One copy. On an external hard drive that someone plugs in on Fridays. That drive sits next to the computer it backs up. On the same desk. In the same building.
When ransomware hits, the encryption process finds and locks that drive along with everything else. Sometimes within seconds. Every file. Every invoice. Every client record. Everything from the past five years. Gone, unless you pay.
This guide covers what a real backup strategy looks like for a South African small business, which options work well on local internet connections and budgets, and a checklist you can run through today to find out where your gaps are.
Why a single local backup is not a backup strategy
A backup strategy exists to protect you against multiple failure scenarios simultaneously: ransomware, hardware failure, fire, theft, and human error. A single copy on an external hard drive fails under most of those scenarios.
Ransomware encrypts everything the infected machine can access. If your backup drive is connected, directly or via the network, it gets encrypted with everything else. Hardware failure can destroy both the original and the backup if they are on drives in the same physical location. Fire or flooding destroys both. Theft removes both.
The scenarios where a single local backup actually protects you are limited to accidental deletion and partial hardware failure. Those scenarios happen. But they are not the ones that put businesses out of operation.
The 3-2-1 rule in plain terms
The 3-2-1 backup rule is the most widely recommended backup standard in the world. It is not complex. It means:
Three copies of your data in total. The original plus two backups.
Two different storage types. The reason for different types is that the same failure event, such as a power surge or ransomware, is unlikely to affect both simultaneously if they are different systems. One could be a local NAS drive and one could be cloud storage.
One copy offsite. The offsite copy is what saves you when something happens to your physical premises. This is the cloud backup component for most small businesses.
The offsite, or cloud, copy should ideally be immutable or air-gapped for ransomware protection. Immutable means the backup cannot be altered or deleted for a defined period, even by the backup system's own processes. Air-gapped means it is physically or logically disconnected from your main network. Either approach means ransomware cannot reach it even with full network access.
Cloud backup options that work for SA SMEs
South Africa's internet infrastructure has improved significantly but upload speeds remain a constraint for businesses on consumer fibre or ADSL connections. Backup solutions should be evaluated on:
Cost per gigabyte, because you may have substantial data to protect. Bandwidth requirements, because large initial backups can saturate your connection. Reliability of the provider, because a cheap backup service that loses data during a restore is worse than useless.
These options work well in the South African context:
Backblaze Business Backup is a US-based service that charges a flat monthly rate per computer, currently around R250 to R300 per machine. It backs up continuously in the background. The initial backup can take several days on a slower connection, but subsequent incremental backups are small. Restores can be done over the internet or via a hard drive mailed to you. The mail-a-drive service is not available from South Africa, but web restores are.
Microsoft OneDrive for Business, included in Microsoft 365 subscriptions, gives each user 1TB of cloud storage with version history. If your business is already on Microsoft 365, this is already available to you and you may not be using it. It is not a full backup system, it does not back up applications or system files, but for document backup it is reliable and already paid for.
Acronis Cyber Protect is a more comprehensive backup solution that includes ransomware protection features alongside backup. It has South African resellers and is priced for SME use. If you want a single solution that handles both backup and active ransomware detection, this is worth considering.
Synology NAS with cloud sync is a local network-attached storage device that can sync to cloud storage (Backblaze B2, Wasabi, or Amazon S3) automatically. More setup involved upfront, but gives you local fast restores alongside an offsite cloud copy. A Synology DS223 with two drives runs around R5,000 to R8,000 including drives. Annual cloud storage costs for a typical SME dataset are low.
What to back up
Most business owners think of "files" when they think of backups. The files are important, but they are not everything.
Your accounting data. This is frequently overlooked because it lives inside an application rather than as a standalone folder. Sage, QuickBooks, Pastel, and Xero all have export or backup procedures. Run them regularly and include the output in your backup strategy.
Your email. If you run email through Microsoft 365 or Google Workspace, your email is already in the cloud and relatively safe. If you run email through a local server or a smaller South African hosting provider, make sure that email is specifically included in your backup.
Your contacts and calendar. These matter more than people realise until they are gone.
Your system configuration. If your server or main workstation has a specific configuration, including installed software, network settings, and user accounts, a system image backup means you can restore to full operation faster after an incident, not just restore files.
Your client data and records, including anything in practice management software, HR systems, or CRM platforms. Check whether those applications have their own export or backup function.
How to test that your backup actually works
Most businesses never test their backup. They find out it does not work when they need it most.
Testing a backup does not require anything complex. Once a month, pick a random file from your backup and restore it to a different location. Confirm it opens correctly. Once a quarter, try to restore a folder. Once a year, do a full test restore of a critical system to confirm the process would work in a real incident.
If your backup is cloud-based, test the restore process before you need it. Know where the restore function is. Know how long it takes. Know what the limitations are on file size or type.
An untested backup is better than nothing, but do not assume it works until you have confirmed it does.
How backup protects you when ransomware hits
If you have a 3-2-1 backup with an offsite or immutable copy, a ransomware attack becomes an operational disruption rather than a catastrophe. You lose the time required to restore and the cost of the incident response. You do not lose your business.
Without a backup, your options are: pay the ransom, hope the decryption key works and that the attacker does not still publish your data, or rebuild from scratch. Many businesses in South Africa that have paid ransoms still did not get full recovery. The attacker does not have a customer service obligation.
Do not be in that position. A proper backup strategy costs less per month than the daily cost of having your business offline for a week.
A simple backup audit checklist
Run through these questions today:
Do you have more than one copy of your business data? If no, stop here and set up a second copy before anything else.
Is at least one copy stored somewhere other than your office? If no, set up a cloud backup today.
Is at least one copy protected from ransomware (offline, air-gapped, or immutable)? If no, configure immutable backups on your cloud backup solution.
Have you tested restoring from your backup in the last 90 days? If no, do a test restore this week.
Does your backup include accounting data, email, and application data, not just documents? If no, check the export procedures for each application and add them to your backup process.
Do you know how long a full restore would take and what it would cost? If no, find out now, not during an incident.
For an assessment of your current backup posture and overall cybersecurity readiness, visit /services/cybersecurity-assessment/. For context on how ransomware attacks develop, read our ransomware targeting SMEs guide.
Reach us at [email protected].
Sources: - CISA: Back Up Business Data: CISA Guidance (Published: 2024) - CISA: Data Backup Options (Published: 2024)
© 2026 Ubuntu Guard Cybersecurity | Durban, South Africa ubuntuguard.co.za