Backups fail silently more often than most business owners realize. A backup job that stopped running three weeks ago, a storage drive that quietly filled up, a corrupted backup file that looks fine on the surface but cannot actually be restored. None of these problems announce themselves. You only discover them when you desperately need to recover data and find out you cannot.
This monthly checklist takes about 30 to 45 minutes to complete. It catches problems before they become disasters and gives you documented proof that your backups are working, which is increasingly important for cyber insurance audits and compliance reviews.
Why Monthly Verification Matters
Setting up a backup system is only the first step. Without ongoing verification, that system can silently break in dozens of ways. Service account passwords expire. Storage fills up. Software updates change settings. A new employee joins and their data is never added to the backup. A server gets replaced and nobody updates the backup configuration.
The worst time to discover your backup does not work is during a data loss event. By then, it is too late. Monthly verification turns backup from "something we set up once and forgot about" into "something we know works because we checked it this month."
Cyber insurance providers are also paying closer attention to backup practices. Many now ask for evidence of regular backup testing as part of the policy application or renewal. Having a documented verification log strengthens your position and may even affect your premium.
The Monthly Checklist
Check 1: Verify Backup Jobs Are Completing
Start by logging in to each backup service or appliance and reviewing the job history for the past 30 days.
For Dropsuite (Microsoft 365 backup), sign in to the Dropsuite admin dashboard and check the backup status for each protected mailbox, OneDrive account, and SharePoint site. Look for green "Success" indicators across the board. Click into any job that shows a warning or failure to see the specific error. Common causes include a user whose license was changed, a mailbox that was put on litigation hold, or an authentication token that expired.
For Slide (on-premises backup), check the appliance dashboard or log in to the management console. Review the past 30 days of backup jobs. Confirm every scheduled job completed with a "Success" status. If you see "Completed with warnings," investigate. A warning is not the same as success. It usually means some files were skipped, locked, or inaccessible during the backup.
If your backups are monitored through the Athencia One portal, backup status is visible in real time. But this monthly check is still valuable because it forces you to look at the details, not just the top-level status indicator.
For any backup job that failed, document the failure, the root cause, and the resolution. If a job has been failing for more than 48 hours without being resolved, treat it as urgent.
Check 2: Verify Data Volume Looks Correct
Pull up the total size of your most recent backup and compare it to the previous month.
A sudden, significant decrease in backup size is a warning sign. It could mean that files, mailboxes, or entire data sources are no longer being backed up. For example, if last month's Microsoft 365 backup covered 25 mailboxes and this month it covers 22, three users may have fallen out of the backup scope due to a license change or account modification.
A sudden significant increase can also indicate a problem, such as a backup loop, duplicate data being captured, or a new data source being added without anyone realizing it.
For Microsoft 365 backups through Dropsuite, verify that the number of protected mailboxes and OneDrive accounts matches your current active user count. When employees join or leave the company, the backup scope needs to be updated.
For on-premises backups through Slide, verify that the total backup size is consistent with the amount of data on the protected servers. If a new file share or application was added to a server, confirm it is included in the backup configuration.
Check 3: Perform a Test Restore
This is the most important check on the list. A backup that completes successfully but cannot actually be restored is worthless.
Pick a random file, folder, or mailbox from the backup and restore it to a temporary location. Do not restore it to the original location; you do not want to overwrite current data with an older version.
For a Dropsuite test restore: sign in to the Dropsuite dashboard, navigate to the user's mailbox or OneDrive backup, browse to a specific email or file, and click Restore. Choose to restore to a temporary folder or download the file directly. Open the restored item and verify it is complete and matches what you expected.
For a Slide test restore: open the Slide management console, select a backup snapshot from a specific date, browse to a file or folder, and restore it to a test location on the network. Open the restored files and verify they are intact and usable.
Rotate what you test each month to cover different parts of your backup over time. One month, test a file from OneDrive. The next month, test an email from Exchange. The following month, test a folder from an on-premises server. Document what you tested, the date, and whether the restore was successful.
Check 4: Verify the Offsite or Cloud Copy Is Current
If you follow a 3-2-1 backup strategy (and you should), you have copies of your data in at least two separate locations. This check confirms that the offsite or cloud copy is up to date and not lagging behind.
For Dropsuite, this is straightforward because the backups are cloud-based by nature. Verify the most recent backup timestamp for each data source and confirm it is within the expected window (usually within the last 24 hours).
For Slide, if the appliance replicates to a cloud target or a secondary offsite location, log in and verify that replication is current. If there is a replication lag of more than 24 hours, investigate. Common causes include bandwidth limitations, network configuration changes, or a credential issue with the replication target.
The offsite copy is your last line of defense. If ransomware encrypts your local backups or a physical disaster destroys your office, the offsite copy is what you will recover from. It must be current.
Check 5: Review Backup Coverage
This check catches the gaps that form naturally as your business changes.
Ask yourself these questions:
- Were any new computers, servers, or cloud services added this month? If so, are they included in the backup?
- Did any employees join the company? Are their Microsoft 365 mailboxes and OneDrive accounts protected by Dropsuite?
- Did any employees leave? Were their accounts properly handled, and is their data preserved if needed for compliance or reference?
- Are there new applications or databases running that are not yet included in any backup?
- Is anything still being backed up that no longer exists or no longer needs protection? Removing unnecessary backup targets frees up storage and simplifies management.
Check 6: Verify Retention Policy
Check how far back your backups go and confirm the retention period meets your business requirements.
For most small businesses, a minimum retention of 30 days is necessary. Ninety days is recommended because many data loss scenarios, such as a departing employee who quietly deleted files, are not discovered immediately.
Verify that old backups are being properly rotated and deleted when they pass the retention window. If old backups are not being cleaned up, storage will eventually fill up and cause new backups to fail.
If your industry has specific compliance requirements (healthcare, legal, financial services), confirm that your retention settings meet those requirements. Your IT provider or compliance advisor can help determine the right retention period.
Recording Your Results
Keep a simple log of each monthly verification. A shared spreadsheet or document works fine. For each check, record:
- The date the check was performed
- What was checked (backup jobs, data volume, test restore, offsite copy, coverage, retention)
- Pass or fail
- Any issues found and the actions taken to resolve them
- Who performed the check
This log serves two purposes. First, it creates accountability and ensures the checks actually happen every month. Second, it provides documentation for cyber insurance audits and compliance reviews. When an auditor asks "How do you verify your backups?" you can hand them a log showing monthly verification going back months or years.
Assign the checklist to a specific person and set a recurring calendar reminder. If it is "everyone's job," it is nobody's job.
Red Flags That Need Immediate Attention
Do not wait until next month's check if you encounter any of these issues:
- Any backup job that has failed for more than 48 hours without being investigated and resolved.
- Backup storage over 80 percent capacity. At this level, you are one or two backup cycles away from running out of space and having backups stop entirely.
- No successful test restore in the past 90 days. If you have not verified that data can actually be restored in three months, you do not know if your backups are usable.
- New data sources not included in the backup. A new server, a new application, or new employees whose data is not being backed up represent unprotected risk.
- Credentials or licenses expiring soon on the backup service. An expired license or credential will stop backups silently.
Need Help?
If you would rather have your backup verification handled by professionals, or if this checklist revealed issues you are not sure how to fix, contact Athencia. We monitor backups continuously and can help you close any gaps.
