I know what you're going to say. 'My files are in OneDrive. They're safe.' I hear this at least twice a week. And every single time, I have to take a breath, fix my glasses, and explain — as patiently as I can — that what you just described is not a backup. It is a sync. There is a difference. A very, very important difference.
Let's get into it.
What Sync Actually Does
Cloud sync tools — OneDrive, Google Drive, Dropbox, iCloud — are designed to make your files accessible everywhere. You create a file on your laptop, and within seconds it appears on your phone, your tablet, your work PC. It's genuinely useful. I use it. You should use it.
But here's the part people miss: sync is a mirror. Whatever happens to the original, happens everywhere. If you delete a file, it deletes everywhere. If ransomware encrypts your local files, those encrypted files sync to the cloud — and then to every other device connected to your account. Within minutes.
The Scenario That Changes Minds
A small accounting firm. Eight employees. Everything in Google Drive — client files, contracts, tax documents, years of work. One employee clicks a phishing link on a Tuesday morning. Ransomware starts encrypting files. Google Drive syncs every encrypted file in real time. By the time IT is called, 11,000 files are gone.
Google Drive does have version history — in this case it was limited to 30 days and the attack overwrote most versions before anyone noticed. They recovered about 60% of their files. The rest were gone.
I'm not telling you this to scare you. I'm telling you because it was preventable.
What an Actual Backup Looks Like
A real backup follows the 3-2-1 rule:
- ▸3 copies of your data
- ▸2 different storage media types (e.g., local NAS + cloud backup)
- ▸1 copy offsite or air-gapped
The critical difference between a backup and a sync is that a backup is independent. It doesn't automatically mirror changes in real time. It takes scheduled snapshots that can be restored to a known-good state, regardless of what happened to your primary data.
- ▸Cloud-to-cloud backup services (Backupify, Spanning) that separately back up your Google/M365 data
- ▸Dedicated backup solutions like Veeam, Acronis, or Datto for local and cloud environments
- ▸Immutable backups — backup sets that can't be modified or deleted, even by ransomware
Version history in Google Drive and OneDrive is better than nothing — but it's not a backup strategy. Set retention windows, test your restores quarterly, and treat sync and backup as two separate tools that do two different jobs.
The Test You Should Run Right Now
Ask yourself this: if ransomware hit your business today and encrypted every file you own, could you restore your data to yesterday's state without paying the ransom? If you can't answer yes with confidence — you don't have a backup strategy. You have a sync.
NeedIT audits your current backup state as part of our free IT assessment. We'll tell you exactly what you have, what you're missing, and what it would take to actually protect your data. No pressure, no jargon — just the facts.