The Popular 3-2-1 Backup Rule Is Too Risky

Jul 7, 2020 9:10:50 PM


For some time now, a significant number of businesses have been safeguarding their systems with the 3-2-1 backup rule.  It's an easy-to-remember shorthand.  It stands for the practice of always having:

  • 3 copies of your data
  • 2 backup copies stored on different media
  • 1 of those backup copies stored offsite

Let me describe an example 3-2-1 configuration.  Let's say you have a file server.  The file server would be your first copy of your data.  The file server data is backed up to a backup server/drive, and the backup server would be the second copy of your data.  A copy of that backup is sent offsite (cloud or physical media), and this is the third copy of your data.  To recap: 3 copies of your data, 2 backup copies stored on different media (local backup server and also cloud), and 1 backup copy stored offsite (cloud).

The 3-2-1 rule has served people well for many years, but the 3-2-1 backup methodology is just not safe anymore.

Covid-19, the declining world economy, and intelligent hackers have drastically changed the security landscape.  These threat actors are intelligent and organized, and there are so many of them.  Once they get into their victims' systems, they find all the backup systems.  They encrypt the victims' systems, render the backup systems useless (cloud backups too), and then demand large sums of money.  Many people pay the ransom too.

You may think your organization is too small and that these threat actors wouldn't waste their time on you.  The threat of attack from these threat actors is no longer just the problem of big business.  Small and medium businesses are the target of these attacks every day.  Small and medium businesses are usually less prepared and easier to compromise, and attackers know this.

I have noted in my earlier blog posts that it's not a matter of "if" you will be a victim of these threat actors, it's a matter of "when".  You need to be prepared.

This is why we advise all our clients to adopt the following backup practice instead:

  • 4 copies of your data
  • 3 backup copies stored on different media
  • 1 of those backup copies stored offsite in the cloud
  • 1 of those backup copies completely disconnected from all your technology systems (media that is not connected to anything, or is otherwise secured from being tampered with and/or deleted)

This last step is the critical step.  I can't emphasize enough how important it is that companies have a copy of their data that is either completely disconnected from any computer, network, or power (basically off), or held by a cloud backup provider that takes additional security measures to secure the cloud backups (making the cloud backups tamper-proof, and/or taking backups of your data on the provider's own private backup system that no one has access to and no one can delete).  This last level of defense is what you would use if a threat actor has compromised every system, including all your backups, and tries to tamper with your backups in the cloud.
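To make the four requirements concrete, here is a small inventory check, added as an illustration (it is not a One82 tool). The copy names, media labels, and the reading of "different media" as three distinct media types for the three backups are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    name: str
    medium: str                  # assumed labels, e.g. "nas", "cloud-object", "usb-disk"
    is_backup: bool              # False for the live/primary data
    offsite_cloud: bool = False
    isolated: bool = False       # disconnected from everything, or tamper-proof/undeletable


def audit(copies):
    """Return the 4-3-1-1 requirements the inventory fails (empty list = compliant)."""
    backups = [c for c in copies if c.is_backup]
    failures = []
    if len(copies) < 4:
        failures.append("4 copies of data")
    # Assumption: "different media" means each of the 3 backups uses a distinct medium.
    if len(backups) < 3 or len({c.medium for c in backups}) < 3:
        failures.append("3 backup copies on different media")
    if not any(c.offsite_cloud for c in backups):
        failures.append("1 backup offsite in the cloud")
    # A tamper-proof cloud copy may satisfy this too, per the paragraph above.
    if not any(c.isolated for c in backups):
        failures.append("1 backup disconnected or tamper-proof")
    return failures


# Constructed inventories. The first mirrors the 3-2-1 example earlier in the post.
THREE_TWO_ONE = [
    Copy("file-server", "server-disk", is_backup=False),
    Copy("backup-server", "nas", is_backup=True),
    Copy("cloud-backup", "cloud-object", is_backup=True, offsite_cloud=True),
]
# Adding another always-connected backup raises the count but not the protection.
EXTRA_ONLINE = THREE_TWO_ONE + [Copy("second-nas", "nas", is_backup=True)]
# Adding a disk that is unplugged after each backup satisfies the last bullet.
FOUR_THREE_ONE_ONE = THREE_TWO_ONE + [
    Copy("rotated-usb-disk", "usb-disk", is_backup=True, isolated=True)
]

if __name__ == "__main__":
    for label, inventory in [("3-2-1", THREE_TWO_ONE),
                             ("extra online copy", EXTRA_ONLINE),
                             ("4-3-1-1", FOUR_THREE_ONE_ONE)]:
        print(f"{label}: {audit(inventory) or 'compliant'}")
```

The second inventory is the one to watch for: a fourth copy that stays connected still fails the check, because an attacker who reaches the first backup server can reach it too.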

I know most people are very busy during these challenging times.  Many are also suffering significant financial hardship.  Ensuring the security of your company may feel like a low priority right now, and costly.  I understand the frustration.  However, the damage these threat actors can do can be so significant that some companies never recover from it.  Now, more than ever before, companies need to review their security systems to ensure they don't become victims of a costly attack.


Written by Farzon Almaneih

Farzon is the owner and founder of One82, a white glove IT service provider in the Bay Area.