Someone in the business lost a file. Or the accounting spreadsheet got corrupted. Or a laptop died and three months of work vanished. Maybe it was a hard drive failure, a ransomware attack, or simply someone who pressed delete without thinking. Whatever happened, there is a version of this story playing out in businesses across Morocco every week. And in almost every case, the response is the same: treat it as bad luck, recover what can be recovered, and move on.
That is the wrong response. What happened was not bad luck. It was the predictable result of a specific set of decisions about how data was being stored. And unless those decisions change, it will happen again.
Data Stored Locally Is Data at Risk
The default setup for most small and medium businesses is still a local one. Files live on a laptop, a desktop, or an external hard drive sitting in the office. Sometimes on a shared drive that connects to a few computers in the same room.
This means there is exactly one copy of the data. One hardware failure eliminates it entirely. Laptops get stolen, dropped, and flooded. Hard drives fail - not occasionally, but reliably, over time, with no warning. A single power surge can render a machine unresponsive. When that happens to a business running on local storage, the result is total data loss for whatever was not backed up elsewhere.
This is still the standard setup for a significant share of Moroccan SMBs. Not because the owners are reckless - but because no one ever made a deliberate decision to change it.
"I Have Backups" - Do You Really?
Most businesses that believe they have a backup system do not actually have a working one. Here is what we typically find when we look closely:
The backup drive is in the same office as the primary data. A fire, flood, or theft takes both at once. The backup has not run in months - it was set up once and then forgotten. Nobody has ever tested whether a restore from the backup actually works. And in some cases, the "backup" is a sync - meaning that when someone deletes or corrupts a file, the deletion or corruption is immediately synced to the backup as well.
A backup that has never been tested is not a backup. It is a hope. The only way to know your backup works is to have actually restored from it at some point. If you cannot remember the last time that happened, you do not know whether your backup is functional.
The Spreadsheet Problem
Spreadsheets are the most common data management tool in Moroccan SMBs. That is understandable - they are flexible, free, and familiar. But they carry specific risks that most businesses do not account for.
A spreadsheet saved to a desktop has no version history. If someone overwrites a formula, deletes a row, or pastes data into the wrong column, there is no way to see what it looked like before. The file gets emailed around, saved under different names by different people, and quietly diverges into multiple versions nobody can reconcile. There is no access control - anyone with the file can change or delete anything.
One of the most common data disasters we encounter is a business discovering that its core financial or operational spreadsheet has been corrupted - gradually, over weeks or months, by a series of small accidental changes - and that there is no clean version to restore from. The data is gone not in a single catastrophic event, but by slow accumulation of unnoticed edits.
What Actually Protects Data
Protecting business data does not require a large budget or a dedicated IT team. It requires a few specific decisions, made deliberately and maintained consistently:
Cloud storage with versioning. Not just syncing - syncing propagates corruption. Versioned cloud storage keeps a history of every change, so you can roll back to any previous state. Services like Google Drive with version history, SharePoint, or purpose-built backup solutions all do this.
Regular tested backups to a separate location. The backup needs to be physically or logically separate from the primary data. And it needs to be tested - restored from, at least occasionally, to verify it works.
Access controls. Not everyone in the business needs to be able to delete or modify everything. Permissions should reflect actual roles. If only the finance manager needs to edit the financial records, only the finance manager should be able to.
Proper software systems. The most durable protection is moving data out of files and into structured software - accounting systems, CRM platforms, operational tools - that manage data in proper databases with built-in integrity checks, audit trails, and backup mechanisms. These systems are not immune to failure, but they fail far less often than a spreadsheet on a shared drive.
The Full Cost of Getting This Wrong
When a business loses data, the obvious cost is the lost information itself. But that is rarely the full cost.
There is the time required to reconstruct what was lost - hours, sometimes weeks, of work across multiple people. There is the impact on client relationships when you cannot produce a record, meet a deadline, or account for work you claim to have done. There is the regulatory risk if the lost data was sensitive - client records, financial data, contracts - in jurisdictions where data handling requirements apply. And there is the reputational risk if a client or partner learns that your business does not have its data under control.
These costs are rarely visible in advance. They only become clear after the loss has already happened.
The Decision You Keep Deferring
Most business owners know their data situation is not ideal. They have thought about setting up a proper backup. They have meant to move files off that old laptop. They just have not done it yet, because there are always more urgent things to handle.
The problem with deferring this decision is that the risk accumulates silently. Every day of continued local storage, every month without a tested backup, is another day of exposure. The cost of prevention is low and fixed. The cost of a serious data loss event is high and variable - and it can happen at any point.
If you want to understand what your actual data risk looks like and what it would take to address it, get in touch. We help businesses build the data infrastructure they need to operate with confidence.