CyberHoot’s 3–2–1 Backup Guide
As the number of areas where data is stored increases, the concept of following a 3–2–1 Backup Strategy is often forgotten. While you can’t prevent every compromise of your company’s data, you can have a backup plan that protects you from data-loss events.
What is the 3–2–1 Backup Method?
A 3–2–1 backup strategy means having at least three copies of your data, on two different media storage devices, with at least one copy off-line. Let’s look at a fictional example file called “salaries.xlsx”. This file lives on our computer at our home office (1); it’s a spreadsheet we made earlier this year for our company. That’s one copy of the data.
We also backed this file up to an external hard drive (possibly a Network Attached Storage device or “NAS”) connected to our local area network as a storage and backup device (2); that is our second copy on a second media storage device.
In addition to that external hard drive (NAS), we also use one of these online backup solutions. The backup solution scans our computer and uploads all changed files daily to the data center where the service is hosted. Salaries.xlsx was updated today and is included in today’s uploads. This becomes our third copy of our data, but because it is online, it is not considered an “offline copy”. However, the solution we chose includes versioning for files. This essentially qualifies as offline, because if today’s file changes due to a ransomware event, the current version of the file will be preserved. This protects our ability to restore from an earlier version (offline version) of the file.
Whether you are backing up a Mac or a PC, an on-site NAS backup device is an important way of quickly restoring access to your data should a catastrophic event occur. Local storage allows a restoration rate 10 to 20x that of cloud restores, which are held back by bandwidth limitations on most networks. If your laptop or desktop hard drive crashes (or is exploited), and you have an up-to-date external hard drive available, you can quickly get the majority of your data back or use the external drive on another computer while yours gets fixed or replaced. If you purchase one of the backup solutions referenced earlier in the PC Magazine article, you can automatically keep your local external hard drive up-to-date and simplify your restoration efforts. Alternatively, most NAS devices come with their own software to make sure they are readily updated.
Having an on-site backup is a great start for restoring data quickly, but having an off-site and off-line backup is a key component in achieving the gold standard of a 3–2–1 backup strategy. Having a backup near the device that it’s backing up (Desktop PC and external hard drive on the same desk) means that both of those copies are susceptible to data loss through environmental causes (flood, fire, etc.) or theft. A continuously updated copy of your data that’s not in the same physical location and that is not online (or follows a versioning process) is vital to protecting your files from various threats.
There is no perfect solution for backing up your data, but our 3–2–1 strategy is a great start for the majority of businesses and individuals. The United States government recommended using this method of backing up in a paper published by the US-CERT team back in 2012. If you view your files as your investment capital, you want to diversify them as much as possible to limit your exposure should the unthinkable happen. Liquidity also matters: having a local backup and an off-site backup gives you more options for backup recovery.
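The 3–2–1 rule described above, including the point that a versioned online copy counts as offline and that one copy should sit away from the device it protects, can be checked against a backup inventory. The following is an added example, not part of the original guide; the inventory entries, field names and the 30-version retention figure are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Copy:
    name: str                   # label for where the copy lives
    medium: str                 # kind of storage device, e.g. "internal-disk", "nas", "cloud"
    site: str                   # physical location of the copy
    online: bool                # reachable from the protected computer or network
    retained_versions: int = 1  # versions kept; more than 1 means earlier versions survive

def counts_as_offline(c: Copy) -> bool:
    # The guide treats a versioned online copy as equivalent to offline,
    # because an earlier version survives a ransomware rewrite of the file.
    return (not c.online) or c.retained_versions > 1

def audit_321(copies, primary_site):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need at least 3")
    if len({c.medium for c in copies}) < 2:
        findings.append("all copies share one type of media")
    if not any(counts_as_offline(c) for c in copies):
        findings.append("no offline or versioned copy")
    if not any(c.site != primary_site for c in copies):
        findings.append("no copy outside the primary site")
    return findings

# Constructed inventory for the guide's salaries.xlsx example.
GOOD = [
    Copy("home-office PC", "internal-disk", "home-office", online=True),
    Copy("NAS on the LAN", "nas", "home-office", online=True),
    Copy("online backup service", "cloud", "provider-datacenter",
         online=True, retained_versions=30),
]
# Same layout, but the online service only mirrors the latest file (no versioning).
SYNC_ONLY = GOOD[:2] + [
    Copy("cloud sync folder", "cloud", "provider-datacenter", online=True),
]

if __name__ == "__main__":
    for label, inventory in (("versioned", GOOD), ("sync-only", SYNC_ONLY)):
        print(label, "->", audit_321(inventory, "home-office") or "passes 3-2-1")
```

The sync-only inventory has three copies on three kinds of media and still fails, because every copy would be overwritten by the same ransomware event.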
ADDITIONAL CYBERSECURITY RECOMMENDATIONS
There are other actions you should take to protect your business from other attacks and harm, including:
- Adopt a password manager for better personal/work password hygiene
- Require two-factor authentication on any SaaS solution or critical accounts
- Require 14+ character passwords in your Governance Policies
- Train employees to spot and avoid email-based phishing attacks
- Check that employees can spot and avoid phishing emails by testing them
- Back up data using the 3–2–1 method
- Incorporate the Principle of Least Privilege
- Perform a risk assessment every two to three years