According to our experience with 100+ SMEs in Geneva and Vaud, 7 out of 10 companies have critical gaps in their back-up.
The good news? Effectively protecting your SME is neither complicated nor prohibitively expensive.
Here’s a practical guide to protecting your business without tying up valuable resources, with 10 essential practices that make all the difference.
1. Apply rule 3-2-1
The principle: 3 copies of your data, on 2 different media, including 1 off-site.
How to apply:
- Copy 1: your production data (servers, workstations, M365)
- Copy 2: local backup (NAS or dedicated server) → fast recovery
- Copy 3: Swiss cloud backup → disaster protection
Example of a 50-strong SME: Servers + local 6TB NAS + Infomaniak cloud → server failure recovery in several hours.
2. Test your restorations regularly
“An untested backup is not a backup”.
40% of SMEs discover that their backups are corrupted… when they restore them.
Minimum test program :
- Monthly: restore 5-10 random files (1h)
- Quarterly: restore a complete server on a test environment (½ day)
- Annual: full disaster recovery test (1 day)
3. Automate everything
Manual backups don’t work. Item.
What should be automatic:
- ✅ The backups themselves (daily or continuous)
- ✅ Integrity check after each backup
- ✅ Replication to cloud
- ✅ Rotate and delete old versions
- ✅ Email alerts in case of failure
Config type PME 40 employees:
- Servers: full backup Sunday 10 p.m., incremental Monday-Saturday 8 p.m.
- Microsoft 365: daily backup at 2 a.m.
- Workstations: backup as soon as network connection detected
These features are integrated into our Acronis for SMB solution, with initial configuration included.
4. Encrypt your backups (nLPD)
Visit new nLPD law requires encryption. There are no more options.
Standard required :
- Algorithm: AES-256 minimum
- In transit: TLS 1.3
- At rest: full encryption of stored backups
- Key management: secure storage separate from backups
5. Protect yourself against ransomware
43% of cyber attacks on Swiss SMEs are ransomware.
3-coat protection:
- Prevention: behavioral detection, URL filtering, antimalware
- Isolated backups: immutable mode, impossible to modify even by an attacker
- Fast recovery: Instant Restore in 15 seconds-2 hours
🔒 Focus: Immutability, your best defense against ransomware
What is immutability?
An immutable backup is a backup that cannot be modified, encrypted or deleted during a defined period, even with administrator access. It’s like a time safe: once locked, it can’t be opened before the deadline.
Why it’s critical:
- Modern ransomware targets your backups first, to force you to pay.
- 83% of attacks attempt to destroy backups before encrypting data.
- Without immutability, even your backups are vulnerable.
Recommended SME configuration :
- Period of immutability: 14-30 days minimum (align with retention period)
- Storage: immutable backups on cloud + local WORM (Write Once Read Many) mode
- Management: Only automatic expiration can delete (no admin, no malware)
Real case: SME 55 collab, ransomware, 80% files encrypted, ransom CHF 95’000 → Recovery in 6h with Acronis, zero ransom paid, cost CHF 8’500 vs CHF 95’000+.
6. Define realistic RTOs and RPOs
RPO (Recovery Point Objective): How much data can I lose?
→ Time between two backups (e.g. 4h = max loss 4h of work)
RTO (Recovery Time Objective): How long can I stay without this system?
→ Maximum recovery time (e.g. 2h = restoration in less than 2h)
SME recommendations :
- Critical systems (ERP, CRM, email) : RPO 4h / RTO 2-4h
- Important systems: RPO 24h / RTO 4-8h
- Non-critical systems: RPO 7 days / RTO 24-48h
7. Document everything
In a crisis, you don’t have time to think about how to restore.
Essential documents :
- ✅ Disaster Recovery Plan (DRP) with system priorities
- ✅ Step-by-step runbook for each restoration scenario
- ✅ Emergency contacts (IT, support, management, insurance)
- ✅ Complete technical inventory (servers, apps, licenses)
- ✅ Test log (history, results, corrective actions)
Location: copies in office + cloud + at a manager’s home (paper)
8. Continuous monitoring and adjustment
KPIs to be monitored monthly :
- 📊 S uccess rate: >99% expected
- ⏱️ Backup time: alert if +20% increase
- 💾 B ackup size: allow for storage growth
- 🔐 Unauthorized access attempts: monitor
- ⚡ A ctual RTO/RPO: measured during testing vs. objectives
Mandatory quarterly magazine :
- KPI analysis and trends (30 min)
- Review of incidents and failures (30 min)
- Infrastructure evolution (30 min)
- Necessary adjustments (30 min)
9. Build your team
The best solution is useless if nobody knows how to use it.
Minimum training :
- All employees (30 min/year): importance of backups, file recovery, good security practices
- IT team (1 day/year): full console training, restoration procedures, practical tests
- Management (1h/year): issues/risks, backup strategy, costs vs. benefits, nLPD obligations
Recommended practical exercises :
- Restore a deleted Excel file (5 min)
- Recover deleted email (5 min)
- Restore a complete server on a test environment (simulation)
10. Plan the evolution
As your SME grows, so do your needs.
Reassess your strategy when :
✓ Growth +30% in workforce over 12 months
✓ New location (office, branch)
✓ Infrastructure migration (cloud, new servers, ERP)
✓ Acquisition/merger
✓ Regulatory change in your sector
✓ Major incident (ransomware, data loss)
Typical SME evolution :
- 20-50 people: CHF 5-8k/year → backup servers + M365 + priority workstations
- 50-100 people: CHF 12-20k/year → multi-site infrastructure, DRaaS, aggressive RTO/RPO
- 100+ people: CHF 25-50k/year → full redundancy, automatic failover.
Need help implementing these best practices? Discover our automatic backup solution for Swiss SMEs, with free audit.
Infologo has been helping Swiss SMEs optimize their enterprise backup strategy for over 15 years.
