Skip to content
Diese Seite gibt es auch auf Deutsch.Zur deutschen Version

Technology · Security & sovereignty

Backups: The 3-2-1 Rule for Your Digital Life

The 3-2-1 rule makes data loss practically impossible. How to set up a real backup strategy for photos, documents and memories in one single afternoon.

By Boaz Lichtenstein

Article image: Backups: The 3-2-1 Rule for Your Digital Life

There are two kinds of people: those who have already lost all their data – and those for whom it’s still ahead. Between the two sits a hard drive that won’t spin up any more, a stolen laptop, or a click on the wrong attachment. The absurd part: hardly any digital risk is as predictable as data loss – and hardly any is as completely solvable. The solution has three digits.

Key takeaways

  • The 3-2-1 rule means: three copies, two media types, one copy off-site – and the three copies must be able to fail independently of one another.
  • Cloud sync isn’t a backup: it mirrors deletions and ransomware encryption too, instead of stopping them.
  • Setup takes one afternoon: an inventory, an automatic local copy, an encrypted off-site copy, a recurring test date.
  • Modern ransomware specifically targets backups – hence the extension to 3-2-1-1: at least one copy offline or versioned.
  • An untested backup is only a hope: check with a real restore twice a year, not just that the file exists.

The rule: 3-2-1 explained

3-2-1 means, specifically: three copies of your data (the original plus two backups), on two different media types (internal storage plus an external drive or NAS, for example), of which one is off-site (a cloud backup, or a drive kept with family or at the office). The logic behind it is pure failure-rate mathematics: any single copy can die – drives fail, cloud accounts get locked, homes burn down. All three dying at once is practically ruled out, provided they’re independent.

That’s exactly where the most common mistake lies: a sync cloud isn’t an independent copy, because it dutifully mirrors deletions and ransomware too. A USB drive that’s permanently plugged in isn’t independent either – whatever ransomware can reach on the machine, it encrypts as well, if the drive stays permanently connected. Independence only comes from physical or temporal separation: a drive that’s unplugged after the backup, or a cloud service with real version history.

Why cloud sync alone isn’t enough

Cloud sync like iCloud or Google Drive solves a different problem than a backup: it keeps devices in the same state, rather than preserving the past. Delete a file by accident, or have ransomware encrypt your folder, and the sync service dutifully passes that on to every connected device – the “protection” spreads the damage rather than preventing it. A real backup differs in exactly one respect: it stores yesterday’s state, regardless of what happens to the original today.

That doesn’t mean cloud storage is worthless – on the contrary, a cloud service with real version history can very much serve as the off-site copy in the 3-2-1 rule. The difference lies in function: plain synchronisation doesn’t count as a copy; a versioned backup with its own retention period does.

Setting it up in one afternoon

  1. Take inventory (about 30 minutes): what’s irreplaceable? Almost always: photos and videos, documents, the password manager export, tax records. Seed phrases for crypto wallets explicitly don’t belong here – those stay offline (see our self-custody basics).
  2. Set up copy one, automatically: use the built-in tools – Time Machine (Mac) or File History (Windows) onto an external drive or your home NAS. Automation beats discipline, because manual backups tend to die out after about three weeks.
  3. Set up copy two, off-site: an encrypted cloud backup, or a rotating second drive kept somewhere else. If you self-host (see our home server article), this counts double: your own NAS is storage, not a backup – it needs an off-site copy of its own in turn.
  4. Back up the password manager export separately: encrypted and kept apart from the rest of your files, because it’s the most sensitive dataset in the household.
  5. Add a calendar reminder: test a restore twice a year, and check whether anything new – a new device, a new folder – is being backed up automatically too.

Worked example: what 3-2-1 protection costs

An external 4-terabyte drive costs around €100 as a one-off purchase. A cloud backup subscription for a similar amount of data runs roughly €5 to €10 a month, or €60 to €120 a year. Together, that’s well under €200 in the first year for complete protection – after that, only the ongoing cloud costs remain. By comparison, professional data recovery after a drive failure can quickly cost several hundred euros, and over €1,000 in severe cases, with no guarantee of success. The backup investment can therefore pay for itself with the very first failure it prevents.

Cloud backup or a rotating drive: which, when?

Both options satisfy the off-site copy in the 3-2-1 rule, but suit different situations:

  • Choose a cloud backup if: your internet connection is stable and fast enough for the data volume, no family member lives nearby who could keep a drive for you, or hands-off automation is the priority.
  • Choose a rotating drive if: you’re dealing with very large data volumes (several terabytes of video, say) that would take weeks to upload to the cloud, you want to avoid ongoing subscription costs, or someone already commutes regularly between two locations.

The most robust solution combines both: an automated, smaller cloud backup for the most irreplaceable files (photos, documents), plus a larger rotating drive for everything that matters but could, in an emergency, also be reacquired or reconstructed with a bit of delay.

The ransomware add-on: 3-2-1-1

Modern ransomware specifically targets backups – hence the addition to the classic rule: keep at least one copy offline or versioned, such as the unplugged drive or a cloud backup with real version history. That turns 3-2-1 into current best practice: 3-2-1-1 – one copy that’s unreachable by anything currently running on your machine. That one extra copy is the difference between an afternoon of restoring and a ransom demand with no guarantee of success.

The most common mistakes

  1. Confusing cloud sync with a backup. Fix: plan for at least one copy with real version history or physical separation.
  2. Leaving the backup drive permanently plugged in. Fix: disconnect it after each backup run, or switch to a cloud backup with versioning – otherwise ransomware encrypts both at once.
  3. Never testing backups. Fix: actually restore a spot check twice a year, not just check the file size.
  4. Forgetting new devices or folders. Fix: update the backup list with every new device, rather than setting it up once and forgetting it.
  5. Leaving the password manager export exposed and unencrypted. Fix: encrypt it separately, because that one dataset opens everything else in an emergency.

From experience: the underrated pitfall isn’t the technology, it’s losing track. If, after two years, you no longer know which drive last ran when, or which cloud folder is actually still syncing, you effectively no longer have a working backup – just a vague memory of one. A simple three-line text document is enough: which destination, what schedule, when last tested. That costs five minutes and turns the 3-2-1 rule into a system that’s still verifiable in three years’ time – not just on the day you set it up.

The bottom line

Data loss is one of the few digital risks that a single afternoon’s effort can neutralise almost completely. The 3-2-1-1 rule isn’t expert knowledge, it’s basic tooling: three copies, two media, one off-site, one unreachable by ransomware. The most expensive mistake isn’t picking the wrong option between cloud and drive – it’s endless procrastination. Every week without a working backup is a week in which a single drive failure can cost years of photos and documents. Once you’ve automated it, you only need to test it twice a year – the next sensible step is setting up the first automatic backup run today, not waiting until after the first data loss.

FAQ

Frequently asked questions

Isn't the cloud (iCloud, Google) enough as a backup?

Only half: cloud sync mirrors your devices – delete a file by accident (or have ransomware encrypt your files), and it dutifully syncs the damage along with everything else. A real backup is an independent copy with version history that everyday activity can't reach. The cloud can be part of the strategy – as one of several storage locations, not the whole strategy.

How often do I need to test a backup?

A spot check twice a year is enough: actually restore a random file and a folder. The line from IT holds at home too: nobody wants backups – everyone wants restores. An untested backup is a hope, not a protection; most backup disasters are only discovered in an emergency, when the copy turns out to be empty, outdated or unreadable.

What does full 3-2-1 protection actually cost?

Considerably less than the damage it prevents. An external drive is a one-off purchase, a cloud backup subscription runs in the low double digits per month – in total, usually under €150 in the first year for several terabytes of protection. By comparison, professional data recovery after a drive failure can quickly cost several hundred euros, often with no guarantee of success.

Do I need to back up passwords and login credentials too?

Yes, but separately from your normal files. A password manager usually comes with its own encrypted export function – that export belongs in the 3-2-1 structure too, ideally encrypted separately, because it's the most sensitive dataset in the whole household. Seed phrases for crypto wallets are the one exception: they should never go into a digital backup at all, only offline, on paper or metal.

Is one backup enough, or do I really need all three copies?

One copy works fine right up until that exact one fails – and drives, accounts and homes all fail eventually, just at unpredictable moments. The strength of the 3-2-1 rule lies in the independence of the copies: as long as they have different failure sources, an extremely unlikely coincidence would have to hit all three at once. With just one copy, no such coincidence is needed – a single failure is enough.