Most small business owners don’t think about backups until they need one. By then it’s too late to ask the question that actually matters, which isn’t “do we have backups.” It’s “do we know they work.”

A backup job can run successfully every night for months and still fail you completely when you need it โ€” corrupted files, an incomplete snapshot, a restore that takes three days instead of three hours. The business doesn’t find out until there’s already a problem. If you’re a small business owner in the Bay Area, here are the questions worth asking your current IT provider, or asking yourself if you’re handling this in-house.

When was the last time someone actually restored a file from backup?

A backup that’s never been tested is a guess, not a safety net. Ask for the date of the last test restore and what was restored โ€” a single file, a folder, a full server. If nobody can answer that question with a specific date, you don’t have a verified backup. You have a job that ran.

If your server or NAS died tonight, how long until you’re working again?

This is the difference between “we have backups” and a recovery time you can actually plan around. A good answer includes a number โ€” hours, not “it depends” โ€” and that number should match what your business can actually tolerate. A dental office that’s down for two days during patient hours is a different problem than a solo consultant who can wait until Monday.

Who else knows how to access and manage this if your one IT contact isn’t available?

A lot of small businesses run on a single relationship โ€” one person who knows the passwords, the vendor logins, and how the whole environment fits together. That’s fine until that person is unreachable, leaves, or moves on, and suddenly nobody on your team or your new provider has a starting point. Ask whether your environment is documented somewhere you could hand to someone else tomorrow if you had to.

If you’re moving data to the cloud, what’s the actual timeline โ€” in writing?

Migrations (OneDrive, SharePoint, a file server moving to the cloud) are one of the most common places projects quietly stall. “We’re working on it” isn’t a timeline. Ask for a written estimate before the project starts, and ask what happens if it runs long.

What’s the real plan if ransomware hits โ€” not the antivirus, the response?

Antivirus and endpoint protection are table stakes. The real question is what happens in the first hour after an infection is confirmed: who gets called, what gets isolated, and how you’d actually restore from a clean backup rather than just hoping the infected systems can be cleaned. If your provider’s answer is mostly about prevention and light on response, that’s a gap worth closing before you need the answer for real.

How do you know the backups are running, beyond a green checkmark?

Backup software is good at reporting success even when something’s quietly wrong โ€” a job that completes but skips files, a retention policy that’s silently shorter than you think. Ask how backups are monitored, who reviews the alerts, and what would actually trigger a phone call to you if something failed.

Where this leaves you

None of these questions are about finding the perfect provider. They’re about knowing where you actually stand right now, today, before there’s an incident forcing the question. If you go through this list and aren’t sure about more than one or two answers, that’s worth a closer look.

We offer a free IT assessment for Bay Area businesses that covers exactly this โ€” backups, documentation, and where the gaps actually are, with no sales pitch attached. If you’d rather get a quick read first, our AI IT Advisor can walk you through what a healthy setup generally looks like before you talk to anyone. Either way, it’s worth knowing the answers before you need them.