Graphic of cell phone and laptop

What is the 3-2-1 data rule and why does it matter?

You don’t need to be told that data backup is important (although we’re stressing that it is). And if you’re already backing up your data, you’re heading in the right direction.

But how do you know if the backup strategy you’ve chosen is actually the best for you?

Simply backing up data might not be enough to stave off the worst. Ask yourself the following questions:

  • Are you backing up your data to an onsite or offsite location?
  • Is the data you’re backing up secured from cyberattackers?
  • Are you using any anti-theft technology?

In other words, it’s not really enough to tick a box off and say “yes, we’re doing it”. A good IT strategy doesn’t just include the “how”, but also the “why”.

Luckily, the 3-2-1 backup rule is a great start to a base plan. Here’s why it should matter to you.

Why the 3-2-1 backup rule is great for SMBs

The 3-2-1 backup rule is somewhat simplistic, but it still does a good job in getting you ready for the worst to happen.

Here’s the secret formula behind it’s name: Make three complete backups of your data. Keep two of them on separate devices onsite. Keep one copy at an offsite location.

And… that’s it. Kind of.

Imagine if a flood hits your office. Maybe a power surge takes your building’s power offline. Maybe a particularly nasty cyberattack got through and destroyed your data.

Worried about cybersecurity? Check out this guide on how to protect your business.

Even if one of your backup sources gets damaged or destroyed, you’ll still have a secondary backup device to utilize to restore your data.

And, if you were to lose TWO of your on-site backups (which is pretty common in fires), you still have data at an offsite location.

It’s safe, it’s ready to use, and it’ll keep your business running as smoothly as you need before you can bring your main systems back online.

Additional backup best practices to follow

1. Use data encryption

Even a single accident on the part of employees can cause data loss. Sometimes, it even falls directly into the hands of a criminal.

In fact, company data is commonly compromised by internal means — that is to say, theft.

However, using data encryption software can keep your data protected from those without the authority to access it. No decryption key means no access, which works out well for your SMB.

Encryption is an additional barrier that can help avoid your data from becoming part of someone else’s ransom plan. Business News Daily has a great guide on setting up an encryption policy.

2. Limit physical access to your backups

This is somewhat self explanatory — if someone doesn’t need to have access to your data backups, they shouldn’t have access.

Even a simple rule like this can drastically cut down on the chances of tampering (or even everyday errors).

Be sure to store your on-site backups in a physically secure location, such as a locked server closet. If someone absolutely needs access to the server closet, make sure you log the time and name.

If something happens, you’ll have detailed logs of the event that can help you resolve issues quickly.

3. Back your data backup consistently

Your business is constantly adding more data to your stockpiles.

That includes daily sales, new customer or vendor information, and other important files and folders. In other words, you’ll want to ensure that the data backs up on a consistent basis so that you don’t lose any important information.

As a general rule, many businesses practice backing up the data each evening, after general work hours. It’s a smart way to ensure that data backup processes don’t slow down company operations and networks during the day.

And, it also ensures that you always have the most updated version of your files so that you only lose a day at worst.


Looking for more information on good backup and preparation strategies? Click here to read our blog on how to build a documentation strategy for your business.