Most Perth SMEs have some form of backup. Far fewer have a genuine disaster recovery plan. And almost none have tested either one under realistic conditions. Here's what these terms actually mean, how to know what your business needs, and the most common gaps we find when auditing Perth businesses for the first time.
Backup is a copy of your data. If a file gets deleted or corrupted, you restore that file from backup. It's about data protection.
Disaster Recovery (DR) is the plan and infrastructure to restore your entire business operations after a major disruption — ransomware that wipes your servers, a fire that destroys the office, a NAS that fails with no functional backup. DR is about business continuity, not just data.
The backup trap: "We have cloud backup" is often used as a proxy for "we're protected." But if your entire server environment was encrypted by ransomware tonight, how long would it take to get back to a working state? Hours? Days? Weeks? That is your real risk exposure — not whether your data exists somewhere.
Recovery Time Objective (RTO): how long your business can survive without its IT systems before the financial or reputational damage becomes unacceptable. If your answer is "a few hours", your DR plan needs to be able to restore operations in that timeframe. If your answer is "a few weeks", you have more flexibility.
Recovery Point Objective (RPO): how much data your business can afford to lose, measured as time. If backups run nightly, your RPO is 24 hours, meaning that in the worst case you lose a full day of work. If RPO needs to be under an hour, you need near-continuous replication, not daily snapshots.
| Business Type | Realistic RTO | Realistic RPO | Minimum Solution |
|---|---|---|---|
| Professional services (5–15 staff) | 4–8 hours | 4 hours | Cloud backup + documented rebuild procedure |
| Retail / POS dependent | 1–2 hours | 15 minutes | Failover virtualisation or DRaaS |
| Medical / healthcare | 2–4 hours | 1 hour | DRaaS with continuous replication |
| Finance / accounting | 4 hours | 2 hours | Cloud backup with immutable snapshots |
| E-commerce | 30 min | 5 minutes | Active-active or hot standby |
Tools like Veeam, Acronis, Backblaze B2, or Microsoft Azure Backup copy files and folders to cloud storage on a schedule. Good for individual file recovery. Poor for full server restoration — rebuilding a server from file-level backup can take 8–24 hours even with good tooling.
Image-based backup captures a complete snapshot of the server or VM at a point in time. Restoration to a new physical or virtual machine is far faster than file-level restore. Critical for servers running databases, email, or line-of-business applications. If you're backing up a server, it should be image-based.
Microsoft's own recycle bin and retention policies are not a backup. They're designed for accidental deletion recovery within limited windows — not for ransomware, not for long-term retention, not for granular point-in-time restores. A third-party 365 backup (Veeam M365, Acronis, Dropsuite) is essential for any business where Exchange, SharePoint, or Teams data is critical.
Perth ransomware reality: Ransomware targeting Australian SMBs routinely attempts to reach and encrypt backup destinations before triggering the encryption of primary data. If your backup target is a mapped network drive or a storage account with write access from the server, it is not ransomware-safe.
An immutable backup is one that cannot be modified or deleted for a defined retention period — even by an administrator with full access to the backup system. Once written, it's locked.
Immutability protects against:
Platforms that support object-level immutability include AWS S3 Object Lock, Azure Blob immutable storage, Backblaze B2, and Wasabi. Most enterprise backup tools (Veeam, Acronis, Cohesity) can target these storage backends. If your current backup vendor doesn't offer immutable storage, that's a gap worth addressing now.
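For AWS S3 Object Lock specifically, the definition above (locked even against an administrator) corresponds to COMPLIANCE mode; GOVERNANCE mode can be bypassed by an identity with the right permission. The following check is an added example, not part of the original article: it audits constructed responses in the shape returned by `aws s3api get-object-lock-configuration`, and the 14-day minimum retention is an assumed policy value.

```python
# Constructed responses in the shape returned by
# `aws s3api get-object-lock-configuration --bucket <name>`.
# A bucket without Object Lock returns an error instead; modelled here as None.
SAMPLES = {
    "no-lock": None,
    "governance-30d": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}},
    "compliance-7d": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 7}}}},
    "compliance-1y": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 1}}}},
    "enabled-no-default": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}},
}

def retention_days(default_retention):
    """DefaultRetention carries either Days or Years, never both."""
    if "Days" in default_retention:
        return default_retention["Days"]
    return default_retention.get("Years", 0) * 365

def audit_object_lock(response, min_days):
    """Return findings for one bucket; an empty list means the check passed."""
    config = (response or {}).get("ObjectLockConfiguration", {})
    if config.get("ObjectLockEnabled") != "Enabled":
        return ["Object Lock not enabled: backup objects can be overwritten or deleted"]
    default = config.get("Rule", {}).get("DefaultRetention")
    if not default:
        return ["No bucket default retention: objects are locked only if the "
                "backup tool sets retention per object; check a stored object"]
    findings = []
    if default.get("Mode") != "COMPLIANCE":
        findings.append("GOVERNANCE mode: an identity holding "
                        "s3:BypassGovernanceRetention can still delete backups")
    if retention_days(default) < min_days:
        findings.append(f"Retention {retention_days(default)}d is shorter than "
                        f"the required {min_days}d")
    return findings

if __name__ == "__main__":
    # min_days=14 is an assumed policy value, not one taken from the article.
    for name, response in SAMPLES.items():
        print(name, audit_object_lock(response, min_days=14) or "PASS")
```

Some backup tools set retention on each object rather than relying on a bucket default, so the "no default" finding is a prompt to inspect a stored backup object, not proof that nothing is locked.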
The classic 3-2-1 rule (3 copies, 2 different media, 1 offsite) has been extended to 3-2-1-1 for the ransomware era:
For businesses that can't afford prolonged downtime, DRaaS provides a pre-provisioned cloud environment that your servers can fail over to within minutes. Your production workloads are continuously replicated to a cloud provider, and in the event of a disaster, you flip a switch and your staff can continue working from the cloud copy within your agreed RTO.
DRaaS is more expensive than standard backup but far cheaper than the alternative for businesses where downtime costs real money per hour. Cloud providers offering DRaaS in Australia include Azure Site Recovery, Zerto, and Veeam Cloud Connect with Australian-based partners.
A backup that has never been tested is not a backup — it's an assumption. Backup validation should include:
What we see in practice: When we audit Perth SMEs for the first time, roughly 60% have a backup system that looks functional on paper but has never been tested with a full server restore. Of those, around 30% have silent failures — backups that are running but restoring corrupted or incomplete data.
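One way to catch the silent failures described above is to record a hash manifest at backup time and compare every restored file against it after a test restore. This is an added example, not part of the original article; the file names and the damaged restore are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large backup files are never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Run at backup time: relative path -> (size, sha256) for every file."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): (p.stat().st_size, sha256_file(p))
            for p in root.rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root):
    """Classify every manifest entry against the restored tree."""
    report = {"ok": [], "missing": [], "truncated": [], "corrupted": []}
    for rel, (size, digest) in sorted(manifest.items()):
        path = Path(restored_root) / rel
        if not path.is_file():
            report["missing"].append(rel)
        elif path.stat().st_size < size:
            report["truncated"].append(rel)   # incomplete restore
        elif sha256_file(path) != digest:
            report["corrupted"].append(rel)   # size plausible, bytes differ
        else:
            report["ok"].append(rel)
    return report

def demo():
    """Constructed sample: a source tree and a deliberately damaged restore."""
    files = {"ledger.db": b"A" * 4096, "mail.pst": b"B" * 4096,
             "docs/contract.docx": b"C" * 4096, "docs/notes.txt": b"D" * 64}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for root in (Path(src), Path(dst)):
            for rel, data in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        manifest = build_manifest(src)
        (Path(dst) / "mail.pst").unlink()                    # never restored
        (Path(dst) / "ledger.db").write_bytes(b"A" * 1000)   # restore cut short
        (Path(dst) / "docs/contract.docx").write_bytes(b"C" * 4095 + b"\x00")
        return verify_restore(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

A backup job can report success in all three failure cases shown here, which is why the comparison has to run against restored data and not against the job log.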
| Gap | Risk | Fix |
|---|---|---|
| Microsoft 365 not backed up | Ransomware or accidental deletion loses email history | Third-party M365 backup tool |
| Backup to writable network share | Ransomware encrypts backup alongside production data | Immutable cloud target |
| File-level backup of server | Server rebuild takes 24+ hours | Upgrade to image-based backup |
| Never tested restore | Unknown corruption or backup failures | Monthly file restore tests |
| Single backup destination | Violates 3-2-1 — single point of failure | Add secondary cloud target |
Spectrum IT Services offers a backup audit for Perth businesses — we review your current setup and run a restore test to tell you exactly where you stand.
Last updated: April 2026. Spectrum IT Services, Perth WA — managed IT, cloud, and cyber security for SMEs.