Technology

Build a backup plan that can survive ransomware

Decide what must be recoverable, keep at least one copy away from the everyday system, and test restoration before the files matter.

Key takeaways

  • Synchronization is useful, but a synced deletion or encryption can spread quickly.
  • Keep multiple copies on different media, with one copy offline or otherwise isolated.
  • A backup is not trustworthy until you can restore a sample and verify it.

Start with recovery, not storage capacity

List what would be difficult or impossible to recreate: identity documents, tax records, family photos, current work, password-vault recovery material, business records, and device configuration. For each group, decide how much recent work you can afford to lose and how quickly you would need access.

A photo archive may tolerate a weekly backup but need decades of retention. Current business files may need daily versions and a faster restore. Those are different recovery requirements even if they live on the same laptop.

Include phones, tablets, shared family folders, removable cards, and cloud-only documents in the inventory. Many backup plans protect the main computer well but miss the device that holds the newest photos or the online workspace that never downloads a local copy.

Use copies that do not share one failure

The CISA ransomware guide recommends offline, encrypted backups and regular testing of their availability and integrity. The principle is simple: if malware, a stolen account, a fire, or an accidental deletion can reach every copy in the same way, you do not have meaningful redundancy.

CopyWhat it helps withWhat it does not solve alone
Working copyEveryday accessDeletion, theft, hardware failure, ransomware
Versioned cloud backupOff-site recovery and earlier versionsCloud-account takeover, provider limits
Disconnected driveIsolation from everyday attacksFire, theft, forgotten update schedule
Second off-site copyLocation-wide lossNeeds encryption and a tested retrieval process

Separate backup from sync

A sync service keeps files consistent across devices. That is convenient, but consistency can include unwanted deletion or encrypted files. Version history and recycle-bin retention help, yet they may be limited by time, plan, file type, or account status.

Check the service’s retention period, version behavior, restore limits, encryption model, account-recovery method, and whether it offers an independent backup product. Write the findings down; do not rely on the word ‘cloud.’

Keep the backup credentials recoverable

If the only copy of an encryption key or recovery code is stored inside the encrypted backup, the data may be perfectly protected from you. Store recovery material separately and test it.

Automate the routine, isolate one copy

  1. 1

    Enable an automatic, versioned backup for the folders on your critical-data list.

  2. 2

    Add a second medium, such as an external drive. Connect it only for scheduled backups if your software and workflow allow.

  3. 3

    Encrypt portable media, label it without exposing sensitive contents, and record the last successful backup date.

  4. 4

    Keep one copy in a different physical location or a provider account protected by strong MFA.

  5. 5

    Set reminders for any manual step. A disconnected drive that has not been updated for two years is an archive, not a current backup.

Run a restore drill every quarter

The drill turns a hopeful copy into evidence that recovery works. If the process is too complex to test, simplify it before an actual incident forces the test for you.

  • Choose several files, including a photo, a document, a folder with many items, and one older version.
  • Restore them to a separate location so the test does not overwrite the originals.
  • Open the files and compare sizes or checksums where practical; a filename alone does not prove integrity.
  • Record how long the restore took, which credentials were needed, and any undocumented step.
  • Update the backup plan when devices, cloud providers, household members, or critical folders change.

Evidence record

Sources and methodology

We used primary public sources for the factual framework, then wrote and structured this guide independently. Links are checked during editorial review and when a guide is substantively updated.

  1. #StopRansomware GuideCybersecurity and Infrastructure Security Agency · Used for: Backup isolation, encryption, and restore testing
  2. NIST SP 800-63B-4: Authentication and Authenticator ManagementNational Institute of Standards and Technology · Used for: Account and authenticator protection context

This article is general educational information, not individualized financial, medical, legal, tax, cybersecurity, construction, or career advice.

About the byline

Everyday Fieldbook Digital Safety Desk

An organizational byline for our personal-technology and digital-safety workflow, grounded in public standards and agency guidance rather than invented testing claims.

Read our editorial policy