In recognition of Acronis Cyber Protection Week 2023
For a long time, March 31 was World Backup Day: an annual event created to raise awareness of the importance of cloud backup best practices. In 2020, we celebrated the final World Backup Day and, with a vision for bigger things, launched Cyber Protection Week. Now entering its fourth year, Cyber Protection Week is an annual opportunity for personal and professional IT users to take a deeper look at how they approach their digital defenses. We are celebrating this year from Monday, March 27 through Friday, March 31.
In this initial post for Cyber Protection Week 2023, we examine the importance of having a robust data backup strategy using a very basic but effective “3-2-1 backup rule,” which counsels to make a few copies of your data and store them in different locations, so that you’ll always have access to your data, regardless of whatever disasters you may experience — be they by cyberattacks, natural disasters, or other adverse events.
What is 3-2-1 backup?
Backup is important, but it is just as important to remember that having one backup copy is sometimes not enough. For example, let’s assume you back up your computer to an external drive, which you keep in your home office. If your computer crashes, you have the backup copy. However, if a fire breaks out in your home, it will destroy both your computer and the external drive.
You will be surprised to learn how many small businesses do not back up their data and how many more do not survive a data disaster. Watch this video and learn how following the 3-2-1 rule of backup can stop your organisation from becoming a data disaster statistic.
What is the 3-2-1 backup strategy?
The 3-2-1 backup rule is a pioneer data backup strategy. It follows the below requirements:
- You create three copies of your data — the original data on your primary device and at least two copies.
- You use two different storage devices — here, it’s up to you to choose the two storage media carriers — your PC, external hard drive, a USB flash drive, DVD, NAS or cloud storage devices.
- You keep one of the backup copies off-site — by keeping copies of your data in a remote location, you prevent data loss due to a local disaster or a site-specific failure scenario.
The 3-2-1 backup rule is almost two decades old. Back in the day, users would rely on hard drives with as much as 30 GB capacity and CD backups. Nowadays, storage devices include hard drives of up to 22 TB and numerous cloud storage media options. Additionally, today’s storage concerns aren’t all about the volume. You’d need to keep in mind how a specific storage medium handles security and failover contingencies.
The 3-2-1 backup rule is simple and efficient. It allows fine-tuning the backup copies of your data, data analysis, and quick disaster recovery (in most cases).
However, the 3-2-1 backup strategy (as a fundamental concept) is gradually becoming old. Nowadays, we aren’t facing the same types of cyberattacks as users at the beginning of the century, so data storage should try to keep up. We will discuss the most recent data protection approaches later in the article.
How many backup copies should I keep?
According to the 3-2-1 backup rule, you should keep at least two backup copies to protect your data against natural disasters, accidental deletions, hardware failure and cyberattacks.
While the original data resides on one of your primary devices, the secondary copies won’t share the same location, so at least one copy will be secure against different threats. For example, if a natural disaster strikes your home office, your PC and local storage may be lost for good. However, the data copy off-site will be spared.
If you only use a single backup, without an off-site copy, you won’t be able to initiate disaster recovery following a fire or a flood on your premises.
Where is the best place to store a full backup?
Okay, you’re now familiar with the 3-2-1 rule as a backup process. However, you must find the optimal media type to store your backup copies.
There is no universal carrier for backed-up data. Depending on your production data, business operations, and backup service provider, your business must use a mixture of different storage media to ensure business continuity. If you’re an individual user, you can rely on backup software to help you find a perfect location for your backup copies or do your due diligence and use the most convenient storage media.
Full backups tend to be bigger than incremental or differential backups, so optical disks (CD / DVD / Blu-Ray) and USB drives may be small to contain them. With this in mind, users are left with two major options to follow the 3-2-1 backup rule.
External hard drives
The external hard drive is a convenient place to store your important data. It’s easy to use, highly portable and enables quick data recovery.
As long as you have the hard drive on you, you can connect it to any laptop or PC and manage your backups. An external hard drive is especially suitable for restoring your PC’s hard drive onto a new machine.
Backup data stored on the cloud is accessible from any device anytime, as long as you have a stable internet connection. Users who back up small volumes of data may turn to free cloud services — Google Drive, iCloud, or Dropbox.
However, if you’re running a business and want critical data protection for your assets, it’s best to go for dedicated cloud storage. The same goes for individual users who manage sensitive data.
While on a paid cloud, data will be encrypted and safeguarded from virtual attacks, ready for data recovery if needed.
When comparing cloud storage and external hard drives for 3-2-1 backup, most businesses should implement a hybrid backup and recovery approach. As for individuals, your choice depends on the sensitivity of backed-up data, the backup volume, and your budget.
How often should a full backup be done?
Full backups are a tried-and-true method against data loss. That said, full backups take the most storage space, bandwidth and time to create.
For SMBs, it makes sense to do a full backup of operational data at least once a week, with daily incremental or differential backups as well.
For individual users, full backups may quickly raise storage issues, especially if you’re using a free cloud or a single external HDD for the 3-2-1 backup approach. If you don’t create a lot of new data on your PC, you can only initiate full backup upon a major data upgrade on your machine.
How long should I keep my backups?
As a general rule, SMBs should keep full system backups for at least two months. A two-month retention rate ensures that you can safely restore a clean copy of your system if needed and proceed with day-to-day operations unhindered. You’d also be able to recover safely from malware that has resided undetected on your system for a while.
As for individual users, you can keep one copy of a full backup on an HDD indefinitely if you don’t need the extra space.
Why is the 3-2-1 backup method important for data protection?
Data is knowledge, and knowledge is power, as we know well. To be competitive, SMBs must understand the crucial role of 3-2-1 backup in data protection.
Keeping at least three copies of your data is typically enough to recover from any failure scenario, keep data recovery objectives optimal, and avoid a single point of failure.
The 3-2-1 backup strategy ensures that multiple copies of your data can survive various threats. With one backup kept locally and two off-site copies, you can mitigate the effect of natural disasters, human error and cyberattacks most effectively.
Also, having the two additional copies on different storage devices (say, an HDD in a fire-proof safe, and the cloud) raises the chances that at least one of the backups will be available for recovery in any scenario.
Why is it important to have both off-site and on-site backup strategies?
The fundament of the 3-2-1 backup strategy is to guarantee data integrity and accessibility. Those can be denied for SMBs in various scenarios.
If a natural disaster or a power failure strike, your production data on-site (as well as local backups) may be rendered inaccessible.
As for cloud storage, if a cyberattack manages to penetrate the cloud’s server, you may lose access to your data indefinitely. This is why it’s a best practice for SMBs to follow the 3-2-1 backup rule. Let’s look at an example.
Suppose you have three copies of your data. The original information set resides in your office. Disaster strikes and demolishes your computers along with the data on them. The second copy of the data is typically kept in local storage, so the disaster will likely affect it. However, the third copy is stored off-site — it normally won’t be affected by the disaster, so you could safely restore data from it.
Is 3-2-1 the best backup strategy?
The 3-2-1 backup rule has been a pivotal guideline for almost two decades. It is a best practice among information security professionals and is a good rule of thumb for individual users.
However, the immense rise of ransomware attacks calls for enhancing the basic principles of the 3-2-1 backup strategy. Those are redundancy, access and geographic distance.
Cyberattacks targeting entire networks may capture all data on them, including backups. This is a crucial issue for SMBs, as it may force indefinite downtime. In such cases, their off-site copy may become the only copy they can use to carry on. And if something happens to it as well, even the 3-2-1 backup rule won’t be enough to save their data.
What are some other good backup strategies?
As cybercrime evolves, so do data loss prevention tactics. Modern alternatives to the 3-2-1 backup rule have emerged to fortify backup and recovery for SMBs and individual users.
The most prominent strategies to adopt are the 3-2-1-1-0 and 4-3-2 approaches.
Modern changes to the 3-2-1 backup strategy
The 3-2-1 backup rule is the foundation for modern backup strategies. Let’s explore them below.
The 3-2-1-1-0 approach
This method reintroduces the idea of an offline (air-gapped) copy. It can either be an off-site tape copy as the original intention of the 3-2-1 or immutable storage on the cloud (meaning the data on it cannot be modified or changed).
Additionally, the “0” in the approach name stands for “zero errors” for stored backups. This can be ensured by daily monitoring of backup media, correcting errors, and performing regular restore tests.
The 4-3-2 approach
This approach requires four copies of data stored in three locations. The first one is on-premises, the second – with an MSP (say, Iron Mountain), and the third – with a cloud storage provider. This way, two locations are off-site, granting higher data protection against disasters and targeted attacks.
3-2-1 backup with Acronis!
Acronis Cyber Protect offers easy and reliable local and cloud backup for businesses. SMBs can follow the 3-2-1 backup approach with no upfront investments via an easy-to-manage, comprehensive solution. Moreover, companies can benefit from predictable costs and budget-friendly subscriptions.
Our backup software enables users to create encrypted local backups, with a backup copy off-site safely residing on the Acronis Cloud. Backups stored on the cloud are also encrypted and available for disaster recovery with only a few clicks.