The 3-2-1 Backup Rule
3 copies, 2 different media types, 1 stored off-site. If it doesn't exist in 3 places, it doesn't exist.
The Rule That Saves Everything
The 3-2-1 backup rule is simple enough to memorize and comprehensive enough to protect against almost every data loss scenario:
- 3 copies of your data
- 2 different storage media types
- 1 copy stored off-site (geographically separate)
This rule has been the standard for enterprise backup strategy for decades. It works because no single point of failure can destroy all three copies simultaneously.
Why Each Element Matters
3 copies: Your original plus two backups. One backup can fail during recovery (corrupted, wrong version, hardware failure at the worst moment). Two backups means you have a spare for your spare.
2 different media types: If both backups are on the same type of media (e.g., two external hard drives), a media-type failure affects both — a batch of drives with the same manufacturing defect, or a power surge. Mixing types (external HDD + cloud) ensures one type's failure doesn't take both.
1 off-site: Your house can flood, burn, or be burgled. A backup in the same building as your primary data fails in every physical disaster scenario. Off-site means geographically separate — cloud storage, a drive at a family member's house, a safe deposit box.
Practical 3-2-1 Implementation
For individuals:
- Copy 1: Your working files on your laptop/desktop
- Copy 2: External hard drive at home (automated with Time Machine on Mac, File History on Windows)
- Copy 3: Cloud backup service (Backblaze Personal Backup ~$100/year for unlimited data, or iCloud/Google One for smaller data sets)
For businesses:
- Copy 1: Primary server/NAS
- Copy 2: Local NAS or tape backup
- Copy 3: Cloud backup (AWS S3, Backblaze B2, Wasabi) in a different region than your primary infrastructure
What Good Backups Look Like
Backups are worthless if:
- You've never tested restoring from them — test quarterly
- They're not automated — manual backups get skipped
- They're not versioned — ransomware encrypts current files, then you "back up" the encrypted version over your good backup
- They're not monitored — a backup job that silently fails for 6 months is the same as no backup
Use backup software that:
- Runs on a schedule automatically
- Keeps multiple versions (so you can recover a file from last week, not just last night)
- Alerts you if a backup job fails
- Encrypts backup data at rest
Ransomware Specifically
Ransomware encrypts your files and demands payment. A proper 3-2-1 backup defeats ransomware completely — you restore from the pre-infection backup and decline to pay.
The key: at least one backup must be immutable or air-gapped (not continuously connected to your network). Cloud providers with versioning + object lock, or an offline drive you rotate, achieve this.
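The 3-2-1 rule, the monitoring and versioning checks, and the immutable-copy requirement can be audited together over an inventory of copies. The following is an added example, not from the original article; the `Copy` fields, the two-day freshness window and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Copy:
    name: str
    media: str                  # e.g. "ssd", "hdd", "tape", "cloud"
    offsite: bool               # geographically separate from the primary
    last_success: datetime      # last successful backup run
    versioned: bool = False     # keeps multiple versions
    immutable: bool = False     # object lock, or an offline drive you rotate
    primary: bool = False       # the working copy itself

def audit_321(copies, now, max_age=timedelta(days=2)):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    backups = [c for c in copies if not c.primary]
    # A job that has silently failed is the same as no backup: drop stale copies.
    usable = [c for c in backups if now - c.last_success <= max_age]
    for c in backups:
        if c not in usable:
            findings.append(f"stale: {c.name}, {(now - c.last_success).days} days old")
    total = len(usable) + sum(1 for c in copies if c.primary)
    if total < 3:
        findings.append(f"copies: {total} usable, need 3")
    # Media diversity is judged across the backups, as in the text above.
    if len({c.media for c in usable}) < 2:
        findings.append("media: backups share one media type")
    if not any(c.offsite for c in usable):
        findings.append("offsite: no usable off-site backup")
    if not any(c.versioned for c in usable):
        findings.append("versioning: no usable backup keeps versions")
    if not any(c.immutable for c in usable):
        findings.append("ransomware: no usable backup is immutable or air-gapped")
    return findings

# Constructed inventory: the cloud job stopped succeeding six months ago.
NOW = datetime(2024, 7, 1, 8, 0)
INVENTORY = [
    Copy("laptop", "ssd", False, NOW, primary=True),
    Copy("external-hdd", "hdd", False, NOW - timedelta(hours=9), versioned=True),
    Copy("cloud", "cloud", True, NOW - timedelta(days=183), versioned=True, immutable=True),
]

if __name__ == "__main__":
    for finding in audit_321(INVENTORY, NOW) or ["ok: 3-2-1 satisfied"]:
        print(finding)
```

On paper this inventory has three copies, two backup media types and an off-site copy, yet the single stale cloud job removes the off-site, second-media and immutable copy all at once.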
Your data either lives in 3 places or it's at risk. It's that simple.