10 Data Recovery Plan Failures (And How to Fix Them)

Your Backup Probably Isn’t Working — Here’s How to Know

Most Solano County businesses have some kind of backup in place. The problem is that “having a backup” and “having a working backup” are completely different things. We’ve seen it firsthand since 2008 — a business owner discovers their backup hasn’t actually run in months, right when they need it most.

Here are the ten most common reasons data recovery plans fail and what you can do about each one.

1. Unmapped Dependencies

Many backup plans protect the data files but ignore the applications and server configurations required to actually use that data. Restoring a SQL database without the application server, correct permissions, or proper boot order leaves you just as stuck.

Fix it: Document your full recovery sequence. Which services start first? Does the database need to be online before the application layer?

2. Untested Restores

This is the single most common failure we see. The backup software reports “Success” every night, so everyone assumes it works. But a completed backup job does not guarantee usable data.

Fix it: Run a full restoration test at least once per quarter. Actually open the files, boot the restored system, and confirm everything functions.

3. Software Compatibility Gaps

Backup software that hasn’t been updated can conflict with your operating system. Volume Shadow Copy Service (VSS) conflicts are a frequent culprit — they cause the backup to skip open files or create corrupted snapshots.

Fix it: Keep your backup software current. If you’re unsure whether your tools are compatible, reach out for a quick assessment.

4. Malware Inside Your Backups

Ransomware often sits dormant for weeks before activating. During that window, your automated backup is faithfully copying infected files.

Fix it: Use immutable backups — backups that cannot be modified or deleted after creation. The CISA StopRansomware initiative recommends keeping offline or air-gapped backup copies specifically for this reason.

5. Missing Data Sources

Your backup might cover the server, but what about:

• Files saved to employee desktops and laptops
• Unofficial cloud accounts (Dropbox, Google Drive, personal OneDrive)
• Mobile devices with business data
• SaaS platforms like QuickBooks Online or CRM tools

Fix it: Audit where your team actually stores work. Our managed IT services include ongoing audits so nothing slips through the cracks.

6. Misaligned RTO and RPO

Two numbers define whether your recovery plan matches your business needs:

• Recovery Time Objective (RTO): How quickly you need to be back online
• Recovery Point Objective (RPO): How much data loss you can tolerate

If your RTO is four hours but your cloud restore takes 24, you have a serious gap.

Fix it: Define these numbers based on real business impact, then match your backup frequency and restore method to them.

7. Poor Media Management

We’ve seen recovery plans fail because the backup drive was taken home by an employee three years ago, or no one knows which unlabeled USB drive is current.

Fix it: Eliminate manual media rotation. Cloud-hybrid backup solutions remove the human element.

8. Unprotected Backup Infrastructure

Attackers know that destroying backups first makes victims more likely to pay ransom.

Fix it:

• Isolate backup systems on a separate network segment or VLAN (learn more about network segmentation in our business network mistakes post)
• Enforce multi-factor authentication (MFA) on all backup admin access
• Restrict backup deletion permissions to a single, secured account

If you’re not sure where your security gaps are, that itself is a red flag.

9. No Risk Assessment

Is your plan designed for a single hard drive failure, or does it account for a building-level event — fire, flood, extended power outage?

Fix it: Follow the 3-2-1 backup rule recommended by the NIST Cybersecurity Framework: three copies, two media types, one offsite. For more on the basics, see our data recovery guide.

10. Only One Person Knows the Plan

If the only person who can execute your recovery is out sick, on vacation, or has left the company, you don’t have a plan — you have a single point of failure.

Fix it: Train at least two people. Document a simple checklist: who to call, what to stop doing immediately, and where the recovery credentials are stored.

Take Action Before the Next Outage

A data recovery plan is only as good as its last successful test. If you can’t remember the last time yours was tested — or if any of these ten issues sound familiar — it’s time to fix it before you actually need it.

Book a backup assessment and find out exactly where your plan stands — before Monday morning surprises you.