
The 3-2-1 Backup Rule: How to Protect Your Data Properly


Most people know they should back up their data. Most people don’t do it properly — or at all — until something goes wrong. This guide explains the 3-2-1 backup rule, why it works, and exactly how to put it into practice whether you’re a home user or running a business.


What Is the 3-2-1 Backup Rule?

The 3-2-1 rule is a simple, battle-tested framework for backup that has been recommended by IT professionals and government cybersecurity bodies for decades:

  • 3 copies of your data (1 original + 2 backups)
  • 2 different storage media types (e.g. internal drive + external drive)
  • 1 copy stored offsite (e.g. cloud storage or a drive at another location)

The logic is straightforward. A single backup is vulnerable to the same event that destroyed your original: fire, flood, theft, ransomware. Two copies on different media reduce that risk dramatically. One offsite copy means even a physical disaster at your home or office cannot wipe everything out.


Why You Need This: Real-World Data Loss Scenarios

Data loss is not a hypothetical risk. Here are the most common causes:

  • Hardware failure: Hard drives fail. SSDs fail. RAID is not a backup. When the drive goes, so does everything on it.
  • Ransomware: Encrypts your files and demands payment. Without a clean offline backup, you either pay or lose everything.
  • Accidental deletion: The single most common cause of data loss. Someone deletes a folder that shouldn’t be deleted.
  • Theft or fire: A stolen laptop or office fire takes everything — machine and local backup together.
  • Sync errors: Cloud sync tools (OneDrive, Google Drive) can propagate deletions and corruption to all devices.

How to Implement 3-2-1 at Home

For a home user, a simple 3-2-1 setup might look like this:

  • Copy 1 (original): Your laptop or PC
  • Copy 2 (local backup): An external USB hard drive connected to your PC, running Windows Backup or Time Machine (Mac)
  • Copy 3 (offsite): Cloud storage — OneDrive, Google Drive, iCloud, or a dedicated backup service like Backblaze (£7/month for unlimited storage)

Set it up once and automate it. Windows 11 has built-in backup to an external drive under Settings → System → Storage → Backup. On Mac, Time Machine handles the local backup automatically once you connect a drive.

For cloud, if you already pay for Microsoft 365, you have 1TB of OneDrive included — use it. Enable the OneDrive folder backup so your Desktop, Documents and Pictures sync automatically.


How to Implement 3-2-1 for a Small Business

For a business, the stakes are higher and the implementation needs to be more robust:

  • Copy 1 (original): Your server, NAS, or primary workstations
  • Copy 2 (local backup): A dedicated backup NAS or external storage on-site, ideally running nightly automated backups. Tools like Veeam (free tier available), Acronis, or Windows Server Backup work well here.
  • Copy 3 (offsite): Cloud backup — Azure Backup, Backblaze B2, or a managed cloud backup service. Alternatively, a second physical drive kept at a different location (rotated weekly).

For businesses, you also need to define two critical figures:

  • RPO (Recovery Point Objective): How much data can you afford to lose? If your RPO is 4 hours, you need backups running at least every 4 hours.
  • RTO (Recovery Time Objective): How quickly do you need to be back up and running? This determines what backup media you choose — local backups restore faster than cloud.

What to Back Up

You don’t need to back up everything — focus on what cannot be replaced:

  • Documents, spreadsheets, presentations
  • Financial records and invoices
  • Customer data and CRM exports
  • Photos and media (personal or business)
  • Email archives (if not stored in a cloud service)
  • Website files and database (if you run a website)
  • Software licence keys and configuration files

You generally do not need to back up the operating system itself — reinstalling Windows takes an hour and is cleaner than restoring from a system image in most scenarios.


The Most Overlooked Step: Testing Your Restore

A backup you have never tested is not a backup — it is a hope. The worst time to discover your backup is corrupted or incomplete is when you desperately need it.

Set a reminder to test your backup restore at least every 3 months:

  1. Pick a random file or folder from your backup
  2. Restore it to a different location (not over the original)
  3. Verify the file opens and is not corrupted
  4. For businesses: run a full test restore to a spare machine or VM annually
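The restore test above can be scripted. This is an added example, not part of the original guide: it assumes you record a SHA-256 manifest of the source when the backup runs, then checks a random sample (or all) of a test restore for missing or silently corrupted files. The function names and the sample files are constructed for illustration.

```python
import hashlib
import random
import tempfile
from pathlib import Path

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        while block := fh.read(1 << 20):  # 1 MiB chunks keep memory use flat
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Run at backup time: relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in Path(root).rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root, sample_size=None, seed=None):
    """Compare a random sample (default: everything) against the restored copy."""
    names = sorted(manifest)
    if sample_size is not None and sample_size < len(names):
        names = sorted(random.Random(seed).sample(names, sample_size))
    report = {"ok": [], "missing": [], "corrupted": []}
    for name in names:
        target = Path(restored_root) / name
        if not target.is_file():
            report["missing"].append(name)
        elif sha256_file(target) != manifest[name]:
            report["corrupted"].append(name)
        else:
            report["ok"].append(name)
    return report

def demo():
    """Constructed data: three files backed up; restore damages one and drops one."""
    files = {"docs/invoice.txt": b"total: 120.00", "docs/notes.txt": b"call back",
             "photo.bin": bytes(range(256))}
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp, "source"), Path(tmp, "restore-test")
        for name, data in files.items():
            (src / name).parent.mkdir(parents=True, exist_ok=True)
            (src / name).write_bytes(data)
        manifest = build_manifest(src)
        (restored / "docs").mkdir(parents=True)
        (restored / "docs/invoice.txt").write_bytes(files["docs/invoice.txt"])
        (restored / "docs/notes.txt").write_bytes(b"call bacX")  # silent corruption
        return verify_restore(manifest, restored)  # photo.bin was never restored

if __name__ == "__main__":
    print(demo())
```

Comparing against a manifest taken at backup time, rather than against the live original, avoids false alarms on files that were legitimately edited after the backup ran.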

Common Backup Mistakes to Avoid

  • Treating RAID as a backup. RAID protects against drive failure — it does not protect against accidental deletion, ransomware, or fire.
  • Only using cloud sync. OneDrive and Google Drive sync deletions. If you delete a file on one device, it is deleted everywhere.
  • Never testing restores. See above.
  • Keeping the backup drive plugged in permanently. A ransomware attack will encrypt any drive it can reach — including a permanently connected backup drive. Disconnect it after backups complete, or use a solution with versioning.
  • Backing up infrequently. A weekly backup is better than nothing, but you could still lose a week of work. Consider daily for anything important.

Recommended Backup Tools

  • Home users: Windows Backup (built-in), OneDrive (Microsoft 365), Backblaze Personal (£7/month)
  • Small business: Veeam Backup (free tier), Acronis Cyber Protect, Azure Backup, Backblaze B2
  • NAS owners: Synology Hyper Backup, QNAP Hybrid Backup Sync — both excellent for 3-2-1 automation

Frequently Asked Questions

Is cloud storage the same as a backup?

Not exactly. Cloud sync (OneDrive, Google Drive, Dropbox) mirrors your files but can propagate deletions and ransomware to the cloud copy. Dedicated cloud backup services keep versioned copies and protect against this. Use both if possible.

How long should I keep backups?

A minimum of 30 days of versioned backups is a good standard. Some ransomware sits dormant for weeks before activating, so a 7-day retention window may not be enough. For businesses subject to regulations, retention requirements may be longer — consult your compliance framework.
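As an added example (not from the original guide), this script audits a list of completed-backup timestamps against the RPO described in the small-business section and the retention window above. The function name, result keys and the schedule are constructed; in practice the timestamps would come from your backup tool's job log.

```python
from datetime import datetime, timedelta


def audit_schedule(backup_times, now, rpo, retention):
    """Check completed-backup timestamps against an RPO and a retention window.

    rpo_gaps lists every (start, end, length) interval longer than the RPO.
    history_covers_retention is True when the oldest restore point is at least
    `retention` old, i.e. you could still roll back that far today.
    """
    times = sorted(backup_times)
    if not times:
        return {"rpo_gaps": [(None, now, None)], "oldest_restore_point": None,
                "history_covers_retention": False}
    # Append "now": data written since the last backup is also at risk.
    edges = times + [now]
    gaps = [(a, b, b - a) for a, b in zip(edges, edges[1:]) if b - a > rpo]
    return {"rpo_gaps": gaps, "oldest_restore_point": times[0],
            "history_covers_retention": now - times[0] >= retention}


def demo():
    """Constructed schedule: 4-hourly runs for 10 days, one run missed, last run stale."""
    now = datetime(2025, 3, 11, 6, 0)
    start = datetime(2025, 3, 1, 0, 0)
    runs = [start + timedelta(hours=4 * i) for i in range(61)]  # up to 2025-03-11 00:00
    runs.remove(datetime(2025, 3, 5, 12, 0))  # missed job leaves an 8-hour gap
    return audit_schedule(runs, now, rpo=timedelta(hours=4),
                          retention=timedelta(days=30))


if __name__ == "__main__":
    result = demo()
    for gap_start, gap_end, length in result["rpo_gaps"]:
        print(f"RPO exceeded: {gap_start} -> {gap_end} ({length})")
    print("30-day history available:", result["history_covers_retention"])
```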

How much storage do I need for backups?

For a home user, 1–2TB is typically sufficient. For businesses, calculate your total data size and multiply by the number of versions you want to retain. A NAS with 4–8TB of usable storage covers most small businesses comfortably.
