Ask any IT professional what keeps them up at night and "no backup" will be near the top. Hardware fails, laptops get lost, staff delete the wrong folder, and ransomware encrypts everything. A good backup turns any of these from a catastrophe into a minor inconvenience.

What is the 3-2-1 backup rule?

The 3-2-1 rule is the gold standard for keeping data safe. It's beautifully simple:

  • 3 copies of your data (the original plus two backups).
  • 2 different types of storage media.
  • 1 copy kept off-site (or in the cloud).

Following it means that no single failure - a dead drive, a stolen laptop, a flood, even a ransomware attack - can wipe out all your copies at once.

Why each number matters

  • Three copies protects against one backup failing - because backups can fail too.
  • Two media types avoids a shared weakness; if both copies sit on the same NAS in the same cupboard, one fire takes both.
  • One off-site copy is what saves you from physical disasters and site-wide attacks.

A modern twist worth adding is an immutable or offline copy - one that can't be altered or deleted, even by an attacker who gets into your systems.

"But our files are in Microsoft 365 / Google - aren't they safe?"

This is the most dangerous misconception we see. Cloud platforms protect their infrastructure, but you are responsible for your data. If a file is deleted or encrypted and you don't notice within the retention window, it can be gone for good. A dedicated third-party backup of Microsoft 365 or Google Workspace is essential - a point we stress during every M365 migration.

The step everyone forgets: testing

An untested backup is just a hope. Backups can silently fail or back up the wrong data for months. Regular test restores are the only way to know your backup will actually work when you need it - which is exactly why it forms part of any proper disaster recovery plan.

The bottom line

The 3-2-1 rule is simple, proven and the single best insurance policy your data can have. Three copies, two media, one off-site - and test it regularly. Not confident in your current backups? Request a callback and we'll review them, or explore our IT support service.

Frequently asked questions

What is the 3-2-1 backup rule?

Keep at least three copies of your data, on two different types of media, with one copy held off-site or offline. It protects you against hardware failure, ransomware and disasters.

How often should backups run?

For most businesses, critical data should be backed up at least daily, and important systems more frequently. The right interval depends on how much data you can afford to lose.

Why isn't a single cloud copy enough?

A single copy can be deleted, corrupted or encrypted by ransomware and then synced everywhere. Multiple, separated copies ensure you always have a clean version to restore.