BACKUP · BUSINESS CONTINUITY · RANSOMWARE RESILIENCE

Backup & Business Continuity That Actually Works When You Need It

Most organizations have backups. Most of those backups would not survive a ransomware attack — because the ransomware encrypted them too. ThreeShield designs and implements backup architectures where the backups are genuinely isolated from your production environment, and we run quarterly restore tests to verify they work before an incident forces you to find out.

  • 93% of ransomware attacks attempt to encrypt or delete backup copies; isolated backups are the primary defence
  • Quarterly: ThreeShield runs restore simulations every quarter, verifying not just that backups completed but that files actually restore
  • RTO / RPO: Recovery Time and Recovery Point Objectives are defined upfront so everyone knows what "restored" means before an incident
  • M365: Microsoft does not back up your M365 data to a recoverable copy; M365 backup is a separate requirement

The Backup Problem Most IT Firms Don't Talk About

What most organizations have

  • A backup drive connected to the same network as production systems
  • Backups to a NAS that uses the same credentials as the file server
  • Cloud backups from a service account that ransomware can reach and delete
  • M365 relying on Microsoft's recycle bin (not an independent backup)
  • Backups that have never been tested with an actual restore
  • No defined RTO/RPO — no one knows how long recovery actually takes

What ThreeShield implements

  • Air-gapped or immutable backup copies that ransomware cannot reach or encrypt
  • Separate credentials for backup systems not shared with production
  • Cloud backups with object lock or versioning that prevents deletion
  • Independent M365 backup covering Exchange, SharePoint, OneDrive, and Teams
  • Quarterly restore simulations with documented results
  • Defined RTO/RPO targets aligned to your actual business requirements

The 3-2-1-1 Backup Standard

ThreeShield designs backup architectures around the 3-2-1-1 rule — the current industry standard for ransomware resilience.

3 Copies of Your Data

Your production data plus two independent backup copies. If one backup fails or is corrupted, you have another. Single-copy backup strategies are not adequate for business continuity.

2 Different Storage Types

Copies on two different types of media or storage systems. A backup on the same storage array as production data doesn't help when the array fails. Diversity — local NAS plus cloud, or tape plus cloud — provides resilience against hardware failure.

1 Off-Site Copy

At least one copy in a different physical location. An office fire, flood, or theft that destroys your primary systems should not also destroy your only backup. Cloud backup satisfies this requirement when it's genuinely isolated from your on-premises environment.

1 Immutable / Air-Gapped Copy

The fourth "1" is the ransomware-resilience addition: at least one copy that cannot be modified or deleted by ransomware — either because it's physically disconnected (air-gapped), or because it's stored with object lock enabled so it cannot be overwritten or deleted for a defined retention period. This is the copy you fall back to when everything else is encrypted.
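The four 3-2-1-1 criteria above, plus the credential separation listed earlier on this page, can be checked mechanically against a backup inventory. The following is an added example, not ThreeShield's tooling; the `Copy` fields, copy names, sites and account names are hypothetical, and the two inventories are constructed samples.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str                # storage type, e.g. "san", "nas", "cloud-object", "tape"
    site: str                 # physical location label
    credential: str           # account able to write or delete this copy
    production: bool = False
    immutable: bool = False   # object lock / WORM with a retention period
    air_gapped: bool = False  # physically disconnected from the network

def check_3211(copies):
    """Return the list of gaps against 3-2-1-1; an empty list means no gaps."""
    prod = [c for c in copies if c.production]
    if len(prod) != 1:
        raise ValueError("inventory must contain exactly one production copy")
    prod = prod[0]
    backups = [c for c in copies if not c.production]
    gaps = []
    if len(backups) < 2:
        gaps.append("3: fewer than two independent backup copies")
    if len({c.media for c in copies}) < 2:
        gaps.append("2: all copies sit on one storage type")
    if not any(c.site != prod.site for c in backups):
        gaps.append("1: no off-site copy")
    if not any(c.immutable or c.air_gapped for c in backups):
        gaps.append("1: no immutable or air-gapped copy")
    for c in backups:
        if c.credential == prod.credential:
            gaps.append(f"credentials: {c.name} shares the production account")
    return gaps

# Constructed sample inventories (hypothetical names, sites and accounts).
WEAK = [
    Copy("file-server", "san", "office", "svc-files", production=True),
    Copy("nas-nightly", "nas", "office", "svc-files"),
]
HARDENED = [
    Copy("file-server", "san", "office", "svc-files", production=True),
    Copy("nas-nightly", "nas", "office", "svc-backup-local"),
    Copy("cloud-locked", "cloud-object", "cloud-region", "svc-backup-cloud",
         immutable=True),
]

if __name__ == "__main__":
    for label, inv in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, check_3211(inv) or "meets 3-2-1-1")
```

The weak inventory passes the "2" check (SAN plus NAS) yet still fails on copy count, location, immutability and credentials, which is why each criterion is evaluated separately.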

What ThreeShield Delivers

Backup Architecture Assessment

ThreeShield reviews your current backup configuration against the 3-2-1-1 standard and identifies gaps. The assessment covers backup scope (what's included and what's missing), storage isolation, credential separation, retention periods, and recovery procedures. You receive a written report with prioritized remediation recommendations.

Backup Redesign & Implementation

Where gaps exist, ThreeShield designs and implements the corrected architecture. This includes selecting appropriate backup software and cloud targets, configuring immutable storage where required, establishing credential isolation, and documenting the backup configuration in a runbook that your team can use during an incident.

Microsoft 365 Backup

Microsoft's M365 service does not provide an independent backup. Exchange Online, SharePoint, OneDrive, and Teams data can be permanently deleted or corrupted with no recovery option if not backed up independently. ThreeShield implements and manages third-party M365 backup for managed clients, covering all four workloads with defined retention periods.

Quarterly Restore Simulations

A backup that has never been tested is a hypothesis. ThreeShield runs quarterly restore simulations — selecting representative files and verifying they restore successfully from backup — and documents the results. This satisfies cyber insurance requirements, demonstrates working backup to auditors, and ensures you know your recovery capabilities before you need them.

Business Continuity Planning

Backup is only part of business continuity. ThreeShield helps organizations define: what systems are most critical, what the acceptable Recovery Time Objective (RTO) is for each system, how staff will work if primary systems are unavailable, who makes decisions during an incident, and who gets called and in what order. These decisions are made in a planning session, not during the crisis.

Compliance Documentation

Backup and continuity requirements appear in multiple compliance frameworks: PCI DSS Requirement 12.10, Alberta HIA Section 63, HIPAA §164.308(a)(7), OSFI B-13 Domain 2, NERC CIP-009. ThreeShield maintains backup compliance documentation mapped to whichever frameworks apply to your organization, ready for regulatory review or audit.

Find Out If Your Backups Would Survive Ransomware

Most organizations are surprised by what a backup architecture review reveals. The consultation is straightforward — and the fixes are usually more achievable than people expect.

Also see: ESXiArgs Ransomware — Why ThreeShield Clients Were Not Affected