Everyone in tech has heard of the 3-2-1 backup rule. It’s the kind of advice that gets repeated so often it starts to feel like background noise, the digital equivalent of “eat your vegetables.” It’s simple, it works, and it has saved countless people from catastrophic data loss.
And yet, most of us, even those of us who write about this stuff for a living, don’t actually follow it. Not properly. Not consistently. Not in a way that would actually save our bacon if a drive died tomorrow.
What the 3-2-1 rule actually says
Three copies, two media types, one off-site, zero excuses
The 3-2-1 rule has been around since the early 2000s, and it has stuck around for a reason. It’s clear, it’s memorable, and it covers most of the ways data tends to disappear on you.
The breakdown is this: keep three total copies of your data, store them on two different types of storage media, and make sure one copy lives off-site. Your working file on your laptop counts as one. An external SSD or a NAS on your desk counts as the second. A cloud backup, or a drive you keep at a friend’s house, satisfies the off-site requirement.
The logic is layered. Three copies mean a single failure isn’t fatal. Two media types mean a flaw common to one kind of storage (a bad batch of drives, a firmware issue) won’t take everything down at once. The off-site copy is the insurance against the dramatic stuff: fire, flood, theft, or a ransomware attack that walks across every device on your local network.
It’s worth noting that some folks now argue 3-2-1 is showing its age, and newer variants like 3-2-1-1-0 (which adds one immutable or air-gapped copy and requires backups that restore with zero errors) have started to take its place in serious IT circles. But for the average person? Nailing the original 3-2-1 would still put you ahead of basically everyone you know.
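The rule above, together with the "zero errors" part of 3-2-1-1-0, written as a check you can run; this is an added example, not code from the original article. The copy fields (`name`, `path`, `media`, `offsite`) and the sample layout in `demo()` are assumptions for illustration, with local folders standing in for the real devices and the cloud copy.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):  # streamed in 1 MiB chunks so big files stay out of memory
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def audit(copies):
    """copies[0] is the original; returns findings, [] means the rule holds."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3")
    if len({c["media"] for c in copies}) < 2:
        findings.append("only one media type, need 2")
    if not any(c["offsite"] for c in copies):
        findings.append("no off-site copy")
    reference = manifest(copies[0]["path"])
    for c in copies[1:]:
        have = manifest(c["path"])
        for rel, digest in reference.items():
            if rel not in have:
                findings.append(f"{c['name']}: missing {rel}")
            elif have[rel] != digest:
                findings.append(f"{c['name']}: {rel} differs from original")
    return findings

def demo():
    """Constructed sample: three folders stand in for laptop, SSD and cloud."""
    layout = [("laptop", "internal", False), ("ssd", "usb-ssd", False), ("cloud", "cloud", True)]
    with tempfile.TemporaryDirectory() as tmp:
        copies = []
        for name, media, offsite in layout:
            d = Path(tmp, name)
            d.mkdir()
            (d / "taxes.txt").write_text("2023 return")
            (d / "photo.raw").write_bytes(b"\x00\x01\x02")
            copies.append({"name": name, "path": d, "media": media, "offsite": offsite})
        Path(tmp, "cloud", "photo.raw").write_bytes(b"\x00\xff\x02")  # bit rot
        Path(tmp, "cloud", "taxes.txt").unlink()                      # partial upload
        return audit(copies), audit(copies[:2])
```

The first result shows a setup that satisfies 3-2-1 on paper while its off-site copy is silently incomplete; the second shows the two-copies-in-one-apartment case failing the count and off-site checks.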
The advice is everywhere, and almost nobody does it
Knowing the rule and living the rule are very different things
Here’s the awkward part. If you spend any time reading tech blogs, watching YouTube channels about home labs, or lurking in subreddits about data hoarding, you’ve absorbed the 3-2-1 gospel a hundred times over. You can recite it. You can explain it to your relatives at Thanksgiving. You probably have, at some point, given a friend a mini-lecture about why their “I just keep everything in Google Drive” approach is not, in fact, a backup strategy.
And then you go back to your own setup and realize that you’re running on two copies at best, both of them sitting in the same apartment, one of them being the original.
I’ve done this. People I respect in this industry have done this. It’s almost a running joke. The folks who should know better are often the ones with the messiest, most fragile backup situations, because we know just enough to feel like we have it under control without actually having it under control.
Why the dorks who write about tech still don’t follow it
Knowing better doesn’t make doing better any easier
So why is the gap between “I know the rule” and “I follow the rule” so wide? A few reasons, and I’ll cop to all of them.
The first is that backups are boring. They’re invisible when they work, and they only matter on the worst day of your computing life. There’s no satisfying dopamine hit from setting up a proper rotation, the way there is from configuring a new mechanical keyboard or finally getting your home server to do that one thing. A backup that quietly does its job for five years feels like nothing happened, because, well, nothing did.
The second is that doing it properly costs money, and the cost is ongoing. An external drive is a one-time hit, sure, but cloud storage is a monthly bill that grows as your data grows. Services like Backblaze, iDrive, or even just a beefy plan on a general-purpose cloud provider can be a worthwhile investment, but they’re competing with every other subscription you’re already paying for. It’s easy to put off “set up a real off-site backup” until next month, and then keep putting it off.
The third reason is that the threat landscape has changed in a way that makes the rule feel both more important and more daunting at the same time. Modern ransomware actively hunts for backup repositories and tries to delete or encrypt them too, which is why the industry has been pushing toward immutable and air-gapped copies as a fourth layer. For someone who hasn’t even gotten the basic 3-2-1 in place, hearing “actually, you need 3-2-1-1-0 now” can feel like a reason to give up rather than to start.
The fix is genuinely not that hard
You don’t need a homelab, you just need to start
The truth is that getting to a real 3-2-1 setup, even a modest one, is a weekend project at most. An external drive plus an automated tool like Time Machine, File History, or a script-based solution covers the local copy. A consumer cloud backup service covers the off-site copy. That’s it. That’s the whole thing. You can layer on NAS gear, immutable snapshots, and offline drives later if you catch the bug, but the baseline is genuinely accessible.
The trick is to stop letting perfect be the enemy of good. A flawed 3-2-1 setup that runs automatically beats a theoretically perfect one you’ve been planning for two years but never built. And though I trashed it earlier, even one extra copy of the files that matter to you on a separate device is better than literally nothing.
We all know better, and we still don’t do it
Consider this your nudge, and mine
The 3-2-1 rule isn’t outdated (well, only a little bit outdated), isn’t complicated, and isn’t expensive in any meaningful sense compared to the value of the data it protects. It’s just unglamorous, and unglamorous things tend to lose the fight for our attention.
Maybe this weekend, then
If you’re reading this and quietly auditing your own setup in your head, you already know whether you’re covered or not. I know I’m not, fully, and writing this is partly an exercise in shaming myself into finally fixing it. The good news is that the rule is forgiving. You don’t have to get it right on the first try, you just have to start, and your future self, the one staring at a dead drive at 11 p.m. on a Tuesday, will thank you.


