CyberHoot’s 3–2–1 Backup Guide

As the number of areas where data is stored increases, the concept of following a 3–2–1 Backup Strategy is often forgotten. While you can’t prevent every compromise of your company’s data, you can have a backup plan that protects you from data-loss events.

What is the 3–2–1 Backup Method?

A 3–2–1 backup strategy means having at least three copies of your data, on two different media storage devices, with at least one copy off-line. Let’s look at an example fictional file called “salaries.xlsx”. This file lives on our computer at our home office (1); it’s a spreadsheet we made earlier this year for our company. That’s one copy of the data.

We also backed this file up to an external hard drive (possibly a Network Attached Storage device or “NAS”) connected to our local area network as a storage and backup device (2); that is our second copy on a second media storage device.

In addition to that external hard drive (NAS), we also use one of these online backup solutions. The backup solution scans our computer and uploads all changed files to the data center where it’s being hosted on a daily basis. Salaries.xlsx was updated today and is included in today’s uploads. This becomes our third copy of our data but because it is online, it is not considered an “offline copy”. However, the solution we chose includes versioning for files. This essentially qualifies for offline, because if today’s file changes due to a ransomware event, the current version of the file will be preserved. This protects our ability to restore from an earlier version (offline version) of the file.


Whether you are working on backing up a Mac or a PC, an on-site NAS backup device is an important way of quickly restoring access to your data should a catastrophic event occur. Local storage allows for 10 to 20x the restoration rate than cloud restores due to bandwidth limitations for most networks. If your laptop or desktop hard drive crashes (or is exploited), and you have an up-to-date external hard drive available, you can quickly get the majority of your data back or use the external drive on another computer while yours gets fixed or replaced. If you purchase one of the backup solutions referenced earlier in the PC Magazine article, you can automatically keep your local external hard drive up-to-date, and simplify your restoration efforts. Alternatively, most NAS devices come with their own software to make sure they are readily updated.


Having an on-site backup is a great start for restoring data quickly, but having an off-site and off-line backup is a key component in achieving the gold standard of a 3–2–1 backup strategy. Having a backup near the device that it’s backing up (Desktop PC and external hard drive on the same desk) means that both of those copies are susceptible to data loss through environmental causes (flood, fire, etc.) or theft. A continuously updated copy of your data that’s not in the same physical location and that is not online (or follows a versioning process) is vital to protecting your files from various threats.

Concluding Recommendations

There is no perfect solution for backing up your data, but our 3–2–1 strategy is a great start for the majority of businesses and individuals. The United States government recommended using this method of backing up in a paper published by the US-CERT team back in 2012. If you view your files as your investment capital, you want to diversify them as much as possible to limit your exposure should the unthinkable happen. Liquidity also matters, having a local backup and an off-site backup gives you more options for backup recovery.


There are other actions you should take to protect your business from other attacks and harm including:




A writer for CyberHoot, a cybersecurity company that helps society become more aware and more secure:

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Resources & Books on Internet of Things Security

How To Set Up A New Bitmain Antmine D3

Critical Security Considerations when Assessing Knowledge Management Software

Swiss Union Review

Ransomware group targets Universities of Maryland, California in new data leaks

John Snow Labs’ THREAT INTELLIGENCE AS A SERVICE - delivers live, corroborated, ranked &…

TryHackMe: Pyramid Of Pain Walkthrough

An SSO primer: what is it, and how does it work?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ty Mezquita — CyberHoot

Ty Mezquita — CyberHoot

A writer for CyberHoot, a cybersecurity company that helps society become more aware and more secure:

More from Medium

Why the ‘Basement Hacker’ Stereotype Is Wrong — and Dangerous

Legalities and Encryp

Log4j/Log4Shell Vulnerability Scanning and Exploit Detection in Uptycs osquery

Adding our own Kill Chain to VECTR