The importance of a proper backup system will never be stressed enough: not only it's somerhing mandated by law, it's also an absolute and unavoidable requirement.
Data are constantly endangered in many ways and several countermeasures can be implemented: an antivirus software will succeed in repelling most malware, a firewall will protect from direct attacks from the outside, hardware redundancy (e.g. RAID) will handle most common hardware failures... but what happens if any of these protections fails? What about human error, like an user deleting a directory full of documents by mistake?
The effects arising from such an event can potentially be catastrophic, leading up to halting a business completely and irreversibly.
That's why a backup system for your data is an absolutely need and nothing else can compensate its lack.
It's also worth remembering that backups should be verified through periodic restore tests.
Any backup system should be:
- complete (no data should be overlooked)
- automatic and scheduled (e.g. every night)
- constantly monitored and periodically verified
- fast (in the event a restore is needed, time will be crucial)
- redundant (loss of a single storage unit must not be fatal)
- off-site (backup media must not be kept in the same building where the original data resides)
- flexibility: from single computers to big heterogeneous networks with different OSes (Windows, Mac, UNIX, ...)
- multilevel backups (e.g. complete/inctemental), possibly with deduplication, to reduce the required storage
- scheduling flexibility
- wide range of target media (external HDs, RDX, tapes, cloud, ...)
- parallel backups (e.g. daily on a local NAS and weekly to off-site media or cloud storage)
- constant monitoring