
The 3-2-1 Backup Rule: Business Data Protection Guide

Mar 21, 2025 · 6 min · Korur Security Team

The 3-2-1 backup rule is the simplest reliable framework for protecting business data, and it predates the ransomware era it now defends against so well. The rule is easy to remember and hard to argue with: keep three copies, on two media types, with one offsite. Here is what each part means in practice.

Three copies of your data

One production copy plus two backups. The reasoning is statistical: the probability of all three copies failing at the same time is vanishingly small compared with the probability of losing a single backup. The two backups should be independent of each other, not two folders on the same disk.

Two different media types

Store the copies on at least two distinct types of storage — for example local NAS plus cloud object storage. Using different media protects against a failure mode that affects one technology, such as a firmware bug in a particular drive model or a ransomware strain that targets a specific platform.

One copy offsite

At least one backup must live somewhere physically separate from your office. Fire, flood, theft, and on-site ransomware all destroy local copies at once. Cloud backup satisfies this naturally; if you prefer physical media, rotate drives to a secure offsite location.

The modern addition: immutability

Ransomware now actively hunts and encrypts backups. Add an immutable or air-gapped copy that cannot be altered or deleted for a defined retention period, even by an administrator. Object lock on cloud storage is the easiest way to achieve this.

The part everyone skips: testing restores

A backup you have never restored is a hope, not a plan. Schedule regular test restores — quarterly at minimum — and document how long a full recovery takes. Many businesses discover their backups were silently failing only when they finally needed them.

The 3-2-1 rule is timeless because it builds in independence and distance. Layer in immutability for ransomware resilience, and prove it works with regular restore tests.
