A woman plugs an external hard drive into her laptop.
The 3-2-1 backup rule is a best practice for backing up your data by saving multiple copies of data on different storage devices and locations. — Getty Images/nortonrsx

When turning on a desktop or laptop computer, no business owner wants to see a hard drive disk failure message. It’s also devastating if a natural disaster renders on-site devices inoperable; however, ransomware poses one of the biggest threats to data availability.

Fortunately, the 3-2-1 backup rule combined with a recovery strategy helps companies get back up and running. Below we’ll explore how the 3-2-1 rule for backup and disaster recovery works as well as best practices for protecting your business from data loss.

The 3-2-1 backup rule: what it is and how it works

The 3-2-1 backup rule saves multiple copies of data on different storage devices and locations. It’s a best practice for backing up data in which you store copies of important information from cell phones, computers and tablets.

Peter Krogh, a photographer, writer, and consultant introduced the 3-2-1 backup rule when he published his book, “The DAM Book: Digital Asset Management for Photographers,” in 2005. The Cybersecurity and Infrastructure Security Agency (CISA) recommends that individuals and businesses use the 3-2-1 strategy.

Here’s what the 3-2-1 backup rule involves:

  • 3: Create one primary backup and two copies of your data.
  • 2: Save your backups to two different types of media.
  • 1: Keep at least one backup file offsite.

A 3-2-1 backup strategy reduces the impact of a single point of failure, such as a disk drive error or stolen device. For example, you may keep a backup on an external hard drive, a USB drive and cloud storage. If a disaster wipes out your on-site backups, your off-site cloud-based backup can save the day.

Data loss: causes and small business impact

Data is at the core of every professional interaction. Every software program and device stores information you use to run your business, including attachments like scanned receipts as well as metadata, such as software access permissions.

Data loss may occur from:

  • Database migration.
  • Software corruption.
  • Local disaster.
  • Ransomware attack.
  • Hard drive failure.
  • Theft.
  • Human error.

Regardless of the cause, data loss can halt business operations, resulting in downtime and lost opportunities. Customer, financial and mission-critical data may be inaccessible. Consequently, customer relationships and your business reputation may suffer.

[Read more: Roadmap for Rebuilding: Protecting Business Data and Assets]

"[Back up data] as frequently as necessary to ensure that, if data is lost, it is not unacceptable to the business."


3-2-1 backup strategy best practices

The best data backup solutions are easy to set up and use, and are affordable and secure. The best solutions also provide quick backups and easy data retrieval. It’s also important to note that a comprehensive backup and recovery strategy are vital elements in a business continuity plan.

Backup best practices include:

  • Backup regularly: Ready.gov recommends backing up data “as frequently as necessary to ensure that, if data is lost, it is not unacceptable to the business.” Develop a schedule for backups, including when and how you’ll validate and test the backup.
  • Select the right data to back up: Some of the most common backup files include customer and financial databases, operating systems, registry files and machine images.
  • Automate backups: Manual backups are prone to user error, whereas automated backups ensure you have the latest versions stored securely.
  • Test your backup copies: Backups fail, and data gets corrupted, making data verification and restore testing essential.
  • Incorporate other tactics: A 3-2-1 backup strategy is only one part of a backup and recovery plan. You may also want to consider keeping one copy in air-gapped storage, encrypting data and scanning backups for malware.

Next steps: implement a backup and recovery strategy

According to a Keeper and Ponemon Institute study, 39% of organizations don’t have an “incident response plan for responding to cyberattacks and data breaches.” Businesses lacking a disaster recovery strategy may face additional losses after a crisis.

Take a look at your current backup plan. Does it meet the 3-2-1 backup rule standards? If not, assess your backup process and see if cloud storage or backup as a service (BaaS) could benefit your business.

Next, review how you would respond to a cyberattack or hardware failure. Can you get business-critical systems uploaded and running promptly? Use the 3-2-1 backup rule and a recovery plan to protect your business.

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

Follow us on Instagram for more expert tips & business owners’ stories.

Applications are open for the CO—100! Now is your chance to join an exclusive group of outstanding small businesses. Share your story with us — apply today.

CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here.

Brought to you by
Simplify your startup’s finances
Not sure where to begin in getting your business’s finances in order? Navigating the complex finances of a growing start-up can be daunting. Learn about the key financial operations that will keep your startup running smoothly — from payroll to bookkeeping to taxes — in this guide.
Learn More