A small agency runs on files built up over years of client relationships: signed applications, declarations pages, endorsement records, claims notes, and commission statements. Most of it exists on one Windows machine in the office. The backup question every agency needs to answer honestly is whether they could retrieve the right version of a specific client file on the day they actually need it.
Everyday Backups provides managed, encrypted cloud backup for Windows computers, with monitoring, restore support, and monthly backup health reporting. Paid plans from $5.99/mo.
Insurance agencies accumulate files that are, in practice, irreplaceable. Many of these documents exist as a single scanned copy on a local hard drive. The following categories represent what a working agency should be able to recover, from a specific date, when the situation demands it.
A gap in any one of these categories can surface at the worst possible time: when a client has an open claim, when a coverage dispute needs documentation, or when a long-standing client's history needs to be reconstructed after a system failure.
The 3-2-1 rule is a straightforward framework promoted by CISA and widely used in small-business backup guidance. For an independent insurance agency, here is what it looks like in practice.
Your working copy on your primary machine or server counts as one. A second copy might be on a local external drive or a second workstation. A third copy, off-site in encrypted cloud storage, is the copy that protects against a local disaster affecting both of the first two.
Keeping backups only on the same type of storage, such as two internal drives in the same server, does not provide meaningful redundancy against hardware failure. CISA guidance calls for at least two different storage types, for example a local drive and a cloud destination, as distinct layers of protection.
Off-site means physically separated from your office. Cloud backup satisfies this requirement when the data is sent to a different data center rather than just a drive in the same room. The off-site copy is the one that matters most in the scenarios where everything in the office is affected at once: fire, flood, ransomware, or theft.
CISA specifically recommends maintaining at least one backup copy that is not continuously connected to the network. Ransomware attacks increasingly target connected backup systems as part of the same encryption sweep that hits production files. An offline or cloud-based backup that is not directly mounted on your network provides a layer that ransomware cannot reach in the same attack.
The checklist below reflects CISA small-business backup principles and FTC small-business cybersecurity guidance, applied to the practical file environment of an independent agency. This is a starting framework for backup decisions, not regulatory, legal, or compliance advice. Any obligations your agency has to clients, carriers, or state regulators are separate and should be determined with qualified advisors.
For additional context, see the small-business backup checklist, and for ransomware-specific preparation guidance, see ransomware restore readiness.
Two categories of software generate the bulk of an independent agency's critical data: the agency management system and the accounting platform. Understanding what your backup does and does not cover for each is important.
Major AMS platforms used by independent agencies, whether desktop-based or server-based installations, typically maintain a local database or a set of data files on your Windows server or workstation. Some platforms also generate exportable data snapshots. The key questions to answer for your backup configuration are: where does the AMS store its data files on your local system, are those files included in your current backup scope, and are they captured at a time when they are not locked by the running application.
If your agency runs a cloud-hosted AMS where the data lives entirely on the vendor's servers rather than your local machine, the local backup question shifts to the files you download from that system: policy documents, client attachments, exported reports, and anything you save locally to work with. Those downloaded files are still your responsibility to back up. The vendor's copy does not substitute for your own independent backup of files you store locally.
Many independent agencies use QuickBooks for agency revenue tracking, commission reconciliation, and general accounting. QuickBooks company files (.QBW) can grow to several gigabytes and are often stored on a single desktop or network share. Intuit's own documentation recommends maintaining backups of QuickBooks data files in a separate location from the original, and specifically notes that backing up only to the same machine is not adequate protection.
Common QuickBooks backup oversights at small agencies include the company file stored only on one machine with no backup, the Intuit automatic backup saving to a folder on the same drive as the original, and portable company files treated as backups when they are actually compressed snapshots without full transaction logs. A complete backup of QuickBooks covers the company file itself, the backup copy Intuit maintains in its own backup folder, and any exported reports you need to retain separately.
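The three oversights above can be checked mechanically from a list of file paths. The sketch below is an added example, not Everyday Backups' or Intuit's code. It assumes backups (.QBB) and portable files (.QBM) start with the same name as their company file, and the inventory is constructed sample data.

```python
import ntpath  # Windows path rules, so the check behaves the same on any OS

COMPANY_EXT, BACKUP_EXT, PORTABLE_EXT = ".qbw", ".qbb", ".qbm"

# Constructed sample inventory, e.g. the output of a recursive file search.
SAMPLE_INVENTORY = [
    r"C:\QB\Agency.qbw",
    r"C:\QB\Backups\Agency (Backup Jan 05).qbb",
    r"D:\Books\Payroll.QBW",
    r"\\nas01\backups\Payroll.qbb",
    r"C:\QB\Trust.qbw",
    r"E:\Trust (Portable).qbm",
    r"C:\QB\Old.qbw",
]

def volume_of(path: str) -> str:
    """Return the drive letter or UNC server/share prefix, lower-cased."""
    return ntpath.splitdrive(path)[0].lower()

def named_like(stem: str, path: str) -> bool:
    """Assumption: a backup's file name starts with the company file's name."""
    return ntpath.basename(path).lower().startswith(stem)

def audit_quickbooks(paths: list) -> dict:
    """Classify each company file by the oversights listed in the text."""
    by_ext = {COMPANY_EXT: [], BACKUP_EXT: [], PORTABLE_EXT: []}
    for p in paths:
        ext = ntpath.splitext(p)[1].lower()
        if ext in by_ext:
            by_ext[ext].append(p)
    findings = {}
    for company in by_ext[COMPANY_EXT]:
        stem = ntpath.splitext(ntpath.basename(company))[0].lower()
        backups = [b for b in by_ext[BACKUP_EXT] if named_like(stem, b)]
        portables = [m for m in by_ext[PORTABLE_EXT] if named_like(stem, m)]
        if any(volume_of(b) != volume_of(company) for b in backups):
            findings[company] = "ok: backup on a separate volume"
        elif backups:
            findings[company] = "backup only on the same drive as the original"
        elif portables:
            findings[company] = "only a portable copy exists"
        else:
            findings[company] = "no backup found"
    return findings

if __name__ == "__main__":
    for path, finding in audit_quickbooks(SAMPLE_INVENTORY).items():
        print(f"{path}: {finding}")
```

A different drive letter can still be a partition on the same physical disk, so an "ok" result here is a minimum, not proof of an off-site copy.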
The FTC and CISA both publish guidance specifically noting that small businesses, including professional services firms with client records, are targets of ransomware campaigns. The reason is practical: small businesses often have less IT infrastructure than large corporations, which makes them easier to compromise, while still holding valuable client information that creates pressure to pay.
For an independent insurance agency, the combination of factors that makes ransomware consequential includes: all client files concentrated on a small number of Windows machines, reliance on a single AMS installation for client and policy data, and typically no dedicated IT staff monitoring backup health daily.
CISA's #StopRansomware guidance identifies offline and encrypted backup copies as the primary technical recovery mechanism when ransomware has encrypted production files. The critical point is that a backup connected to the same network as the infected machines, or a cloud sync folder that replicates in real time, may itself be encrypted before the attack is detected. A backup that is not continuously connected to your network is the copy most likely to survive a ransomware event intact.
For a structured look at what a ransomware-capable backup posture looks like for a small office, see ransomware restore readiness.
No. Everyday Backups is a backup service. It does not provide regulatory, legal, or compliance advice of any kind, and it does not by itself satisfy any insurance regulatory, state DOI, or record-retention requirement. Any obligations your agency has to regulators, clients, or carriers under state law or industry rules are separate from whether you have a backup service in place, and should be determined with qualified legal or compliance advisors.
Yes, for two reasons. First, even with a cloud-based AMS, your agency almost certainly saves files locally to Windows machines: downloaded policy documents, client attachments opened from the system, scanned paperwork, email, and accounting files. Those local files are not backed up by the AMS vendor. Second, the AMS storing your data is not the same as you having an independent backup of that data that you control and can restore from on your own timeline. The two are separate protection layers, and both matter.
No, and the difference is important for an agency. Cloud sync, such as OneDrive or Dropbox, mirrors the current state of your files to the cloud. If a file is deleted or overwritten, the sync service replicates that deletion or overwrite, often within seconds. With ransomware specifically, encrypted files may sync to the cloud before you notice anything is wrong. Backup, by contrast, retains point-in-time copies with version history, so you can restore the file as it existed before the damage occurred. See cloud sync vs. backup for a detailed comparison.
CISA recommends that organizations periodically test their ability to restore from backup, not just verify that the backup job completed without error. For a small agency, a quarterly spot-restore is a practical starting cadence: select a sample of files from different machines and different backup dates and confirm you can retrieve them completely. This identifies scope gaps, file-locking issues, and restore-process gaps while there is time to address them, rather than at the moment a file is actually needed.
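One way to run the spot-restore described above, as an added example rather than Everyday Backups' own tooling: record SHA-256 digests when the backup is taken, restore a random sample to a scratch folder, and compare. Function names, folder layout, and the sample files in `demo()` are constructed for illustration.

```python
import hashlib
import random
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream the file so large scans and database files stay out of memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(source_root: Path) -> dict:
    """Map each file's path relative to source_root to its SHA-256 digest."""
    return {
        p.relative_to(source_root).as_posix(): sha256_file(p)
        for p in sorted(source_root.rglob("*")) if p.is_file()
    }

def verify_restore(manifest: dict, restored_root: Path, sample_size: int, seed=None) -> dict:
    """Check a random sample of manifest entries against the restored copies."""
    names = sorted(manifest)
    picked = random.Random(seed).sample(names, min(sample_size, len(names)))
    report = {"ok": [], "missing": [], "mismatch": []}
    for rel in sorted(picked):
        restored = restored_root / rel
        if not restored.is_file():
            report["missing"].append(rel)    # scope gap or failed restore
        elif sha256_file(restored) != manifest[rel]:
            report["mismatch"].append(rel)   # truncated, corrupt, or wrong version
        else:
            report["ok"].append(rel)
    return report

def demo() -> dict:
    """Constructed sample: three files backed up, one restored short, one absent."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        (src / "clients").mkdir(parents=True)
        (dst / "clients").mkdir(parents=True)
        for name, body in [("clients/dec_page.pdf", b"A" * 4096),
                           ("clients/claim_notes.txt", b"notes v3"),
                           ("commission.csv", b"producer,amount\n")]:
            (src / name).write_bytes(body)
        manifest = build_manifest(src)
        (dst / "clients/dec_page.pdf").write_bytes(b"A" * 1024)  # partial restore
        (dst / "commission.csv").write_bytes(b"producer,amount\n")
        return verify_restore(manifest, dst, sample_size=3, seed=1)
```

The manifest has to describe the files as they were on the backup date being tested; comparing a restored older version against today's live file will report a mismatch that is not a backup fault.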
Any machine that holds agency files and is not included in backup scope is a gap. Producer laptops are a common one: they may hold downloaded client documents, locally saved email attachments, notes from client meetings, and working copies of proposals. If that machine is lost, stolen, or fails, those files are gone. Each machine that holds agency-critical files is a separate coverage question to answer against your current backup configuration.
Everyday Backups installs on Windows machines, monitors backup job health, sends alerts when a backup fails or goes overdue, maintains version history so you can recover files from a prior point in time, encrypts data in transit and at rest, and stores backups in off-site cloud infrastructure rather than on local media that could be affected by the same event as your primary machines. The service is designed to be set up once and then run automatically in the background, with monitoring and reporting so you know the backup is working without having to check it manually each day.
Everyday Backups is a backup service, not legal, regulatory, or compliance advice. It does not by itself satisfy any insurance regulatory, state Department of Insurance, E&O, record-retention, or other professional requirement. References to CISA, FTC, Intuit, and Microsoft documentation are for informational context only and do not constitute endorsement by those organizations. Compatibility with specific agency management systems is not guaranteed or implied; verify backup scope and file coverage with your own IT review. Mention of software category names is for illustrative purposes only.