When a small manufacturing firm in Letterkenny suffered a ransomware attack last year, they were not worried. They had a backup system. They had been running it every night for two years. Their IT provider had set it up, it ran automatically, and the job log showed green every morning. Recovery would be straightforward.
It was not. When their IT provider attempted to restore from the backup, the files were corrupted. The backup software had encountered a configuration error six months earlier and had been running incomplete jobs ever since — completing fast enough to log success, but not actually capturing the data it needed to. Six months of production data, customer records, and financial information were gone. The cost of the incident — in recovery attempts, business disruption, and rebuilding from partial records — exceeded €60,000. The backup had looked fine from the outside right up until the moment they needed it.
WHAT: The Difference Between Having Backups and Having Working Backups
This distinction is fundamental and widely misunderstood. A backup system that is never tested provides the appearance of safety without the reality. It is the digital equivalent of a fire extinguisher that has never been serviced — it might work, or it might not, and you will only find out during an emergency.
NCSC Ireland consistently identifies data backup and recovery as a foundational cyber hygiene requirement for Irish organisations, with an explicit emphasis on verified, tested restorability.[^1] The word "tested" is doing important work there. Verified means you have actually confirmed the data can be recovered — not that the backup job appeared to complete, not that a file exists on a storage device, but that you have successfully restored data to a usable state.
Many Irish SMEs invest meaningfully in backup solutions and genuinely believe they are protected. The failure mode is not usually a conscious decision to skip testing — it is an assumption that the process is working because no one has flagged that it is not. Backup failures are silent. There is no alarm, no warning email, no visible sign of a problem until the moment you try to recover. By then, the gap between what you thought you had and what you actually have can be catastrophic.
Do you know when your backup was last verified to actually restore successfully? Book a free 20-minute strategy call — we help Irish SMEs implement backup strategies that hold up under pressure, not just under normal conditions.
WHAT NOW: A Three-Step Monthly Testing Process
The testing process does not require specialist expertise or significant time. It requires discipline — the same discipline you apply to any other regular business process. Budget thirty minutes per month and follow these three steps in sequence.
The first step is a single file restore. Take a specific file from your most recent backup — something you can verify the contents of, such as a document you created last week — and restore it to a separate location, not the original location. Open it and confirm it is complete and readable. This step verifies that the backup software is functioning, that the most recent backup set is accessible, and that the restoration process works at the most basic level. If this fails, you have a problem that needs immediate investigation before you discover it under worse circumstances.
The second step is a folder restore. Choose a folder containing multiple files and restore it to a test location. This verifies that your backup captures directory structures correctly, that multiple files can be restored in a single operation, and that the integrity of your backup extends beyond individual files. Do this quarterly rather than monthly — it takes longer but provides meaningfully more confidence.
The third step — and the most critical — is a full system restore to an isolated environment. This means rebuilding a complete working system from your backup, not on your production infrastructure, but on a separate test environment. It is the only way to verify that your entire business can be rebuilt from scratch if your primary systems are destroyed or encrypted by ransomware. An Garda Síochána's National Cyber Crime Bureau notes that organisations with verified full-restore capability recover significantly faster from ransomware attacks than those discovering restoration gaps during an active incident.[^2]
Do this annually at a minimum. For businesses handling sensitive client data, financial records, or systems subject to Data Protection Commission oversight, consider biannual full restores.[^3] Document every test: what was tested, what succeeded, what failed, and what corrective action was taken. That documentation serves as evidence of a functioning business continuity programme.
WHY IT MATTERS: What Failing Tests Actually Mean
A failed backup test is not a disaster. It is one of the most valuable early warning systems your business can have. When a test fails, the response is simple: investigate the root cause immediately. Was it a software configuration error? A hardware fault? A storage capacity issue? A permissions problem? Every failure has a cause, and every cause can be fixed. The cost of fixing a backup problem in a planned, non-urgent context is a fraction of the cost of discovering the same problem during a ransomware recovery.
Document the failure, the investigation, the fix, and the re-test that confirmed the fix worked. This documentation pattern — failure, investigation, resolution, verification — is exactly what NCSC Ireland's cyber hygiene guidance describes as a mature operational process for organisations of any size.[^1]
The businesses in Donegal and across Ireland that emerge from ransomware attacks intact are not the ones with the most sophisticated backup technology. They are the ones that tested their backups last month and the month before that and the month before that.
An untested backup is not a business continuity plan. It is a guess about whether you will still have a business after the attack.
WHAT NEXT: Three Actions Starting Now
Run a single file restore test today. Right now, before anything else. Choose a recent file, restore it to a test location, confirm it is intact. If it fails, call your IT provider before the end of today. If it succeeds, set a monthly calendar reminder to repeat the process.
Check your backup logs for the last ninety days. Look for any error messages, warnings, or jobs that completed unusually quickly. If you see green lights but the jobs completed in significantly less time than expected, that can be a sign of incomplete backups — exactly the pattern that caused the Letterkenny incident.
Plan a quarterly folder restore test. Block two hours in your calendar for next month and assign a named person to run it. The test itself takes thirty minutes. The documentation takes fifteen. The confidence it provides lasts all quarter.
Related Reading
- Backup Basics: How Irish SMEs Can Survive a Ransomware Attack
- 12-Month Cyber Governance Roadmap for Donegal SMEs
- 12 Steps to Cyber Security: The Complete Guide for Irish Businesses
[^1]: NCSC Ireland. Advice for Organisations. https://www.ncsc.gov.ie/advice-for-organisations/ [^2]: An Garda Síochána. Cyber Crime. https://www.garda.ie/en/crime/cyber-crime/ [^3]: Data Protection Commission. Guidance for Organisations. https://www.dataprotection.ie
Pragmatic Security — Cybersecurity advisory for Irish businesses. Based in Donegal, Ireland. CISA, CISSP, CISM certified advisors.