3-2-1 Backup Rule: Protect Your Business Data From Ransomware

Mar 16, 2026


Topics: 

  • 3-2-1 backup rule 
  • 3-2-1-1-0 backup strategy 
  • Data recovery best practices 

The 3-2-1 backup rule is your defense against ransomware, hardware failure, and data loss. Ransomware attacks are surging. The average cost of a single ransomware attack reached $5.13 million in 2024, and experts estimate it will climb to $5.5-6 million in 2026. It’s dangerous to think about cyberattacks as hypothetical. Assume they will happen and plan accordingly.  

The 3-2-1 backup rule was created in 2005 by Peter Krogh, a professional photographer who needed to ensure that his clients’ photos remained safe and secure if something were to happen. 

The 3-2-1 backup rule still offers a strong defense against data loss, ransomware, and business disruption. It has stood the test of time and, in 2026, has evolved into a more modern version: the 3-2-1-1-0 rule.

It is important to note, however, that these “best practices” don’t apply to all backups and all situations. In some cases, such as laptop data, a simpler approach like 30-day retention in cloud storage is sufficient.

What Is the 3-2-1 Backup Rule? (And How It Works) 

The 3-2-1 backup rule is simple enough to remember but powerful enough to save your business from data loss. If one copy is lost, you still have two. Here’s what to keep:

  • 3 copies of your data (one original and two backups)
  • 2 different storage media types (redundancy is safer)
  • 1 copy stored offsite

Here’s an example: a law firm has client files on their main server (copy #1). They back up to an external hard drive nightly (copy #2) and send encrypted backups to the cloud weekly (copy #3). If an error or natural disaster occurs, they’re covered from data loss with two different media types (hard drive and cloud), and one copy lives offsite (cloud).  

Why the 3-2-1 Rule Still Matters in 2026 

  • Modern Ransomware Threats: ransomware doesn’t just encrypt your files anymore; it targets backups first. Attacks now include data exfiltration, so attackers steal your data before encrypting it.
  • Hardware Still Fails: Even in the cloud era, physical hardware fails. Drives crash, servers die, and data centers experience outages. Redundancy protects you when (not if) hardware fails. 
  • Human Error Is Constant: Your employee accidentally deletes an entire folder of client files. Another employee overwrites this month’s financial data with last month’s. These mistakes happen daily in businesses across Portland and beyond. 
  • Cloud Storage Isn’t Automatically a Backup: Many Portland businesses assume that storing files in Microsoft 365 or Google Workspace means they’re backed up. They’re not. Microsoft and Google provide data redundancy but don’t protect you from accidental deletion, ransomware, or malicious insiders. If you delete a file from OneDrive, it’s gone from the cloud too. 

How the 3-2-1 Rule Has Evolved: The 3-2-1-1-0 Standard 

The 3-2-1 rule was created before ransomware existed in its current form. It’s still foundational, but modern threats require modern enhancements. Enter the 3-2-1-1-0 rule: 

  • +1: One immutable and air-gapped copy of data 
  • 0: Zero errors through regular testing 

Immutable backups have become more important recently because they can’t be changed, encrypted, or deleted, even by administrators, for a set retention period. Even if ransomware operators gain admin credentials to your systems, they can’t touch immutable backups.

Air-gapped backups have zero network connectivity—physical or logical isolation from your production environment, like an external hard drive stored in a safe or a cloud backup with separate credentials and no standing network connection.  

The zero in 3-2-1-1-0 means you regularly test your backups. Schedule quarterly or more frequent restore tests to verify that your backups actually work.

Common Backup Mistakes 

  • Relying solely on cloud storage like OneDrive without true backups 
  • Keeping all backups connected to the network 
  • Not testing restore procedures 
  • Using the same credentials for production and backups 
  • Insufficient retention periods: 30 days isn’t enough, we recommend 90+ days minimum 
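A quick way to turn the 3-2-1-1-0 rule and the mistake list above into something you can run against your own backup inventory is a small audit script. The following is an added example, not code from the original post or from SpireTech; the `BackupCopy` fields, the finding codes, the 90-day thresholds, and the two sample inventories (the law firm from earlier and a laptop that relies on OneDrive sync alone) are all assumptions constructed for the illustration.

```python
"""Audit a backup inventory against 3-2-1-1-0 and the common mistakes listed above.
Added example; the inventories below are constructed, not real environments."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

AUDIT_DATE = date(2026, 3, 16)  # assumed "today" for the sample audits


@dataclass
class BackupCopy:
    name: str
    media: str                       # e.g. "server-disk", "external-hdd", "cloud-object"
    primary: bool = False            # True for the live production data (copy #1)
    offsite: bool = False
    immutable: bool = False          # object lock / WORM retention enabled
    air_gapped: bool = False         # no standing network path from production
    separate_credentials: bool = False  # admin credentials distinct from production
    retention_days: int = 0
    last_restore_test: Optional[date] = None  # date of the most recent restore test
    last_test_errors: int = 0                 # errors recorded by that test


def evaluate_policy(copies: List[BackupCopy], today: date,
                    min_retention_days: int = 90,
                    test_interval_days: int = 90) -> List[Tuple[str, str]]:
    """Return (code, detail) findings; an empty list means the inventory is compliant."""
    findings = []
    backups = [c for c in copies if not c.primary]

    # 3: three copies in total (the original plus two backups)
    if len(copies) < 3:
        findings.append(("COPIES", f"{len(copies)} copies, need 3"))
    # 2: at least two different storage media types
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(("MEDIA", f"only one media type: {sorted(media)}"))
    # 1: one copy offsite
    if not any(c.offsite for c in backups):
        findings.append(("OFFSITE", "no offsite copy"))
    # +1: one immutable or air-gapped copy that ransomware with admin rights cannot reach
    if not any(c.immutable or c.air_gapped for c in backups):
        findings.append(("IMMUTABLE", "no immutable or air-gapped copy"))
    # Common mistakes: shared credentials, short retention, every copy on the network
    for b in backups:
        if not b.separate_credentials:
            findings.append(("CREDENTIALS", f"{b.name} shares production credentials"))
        if b.retention_days < min_retention_days:
            findings.append(("RETENTION",
                             f"{b.name} keeps {b.retention_days} days, need {min_retention_days}+"))
    if backups and not any(b.air_gapped for b in backups):
        findings.append(("NETWORK", "every backup copy is reachable from the network"))
    # 0: a recent restore test with zero errors for every backup copy
    stale = today - timedelta(days=test_interval_days)
    for b in backups:
        if b.last_restore_test is None or b.last_restore_test < stale:
            findings.append(("TESTED", f"{b.name} has no restore test since {stale}"))
        elif b.last_test_errors:
            findings.append(("ERRORS", f"{b.name} last restore test had {b.last_test_errors} errors"))
    return findings


def law_firm_inventory(today: date) -> List[BackupCopy]:
    """Constructed inventory: server, nightly external drive in a safe, weekly object-locked cloud."""
    return [
        BackupCopy("main-server", "server-disk", primary=True),
        BackupCopy("nightly-external-hdd", "external-hdd", air_gapped=True,
                   separate_credentials=True, retention_days=120,
                   last_restore_test=today - timedelta(days=20)),
        BackupCopy("weekly-cloud", "cloud-object", offsite=True, immutable=True,
                   separate_credentials=True, retention_days=180,
                   last_restore_test=today - timedelta(days=45)),
    ]


def onedrive_only_inventory(today: date) -> List[BackupCopy]:
    """Constructed inventory: a laptop whose only 'backup' is OneDrive sync with 30-day retention."""
    return [
        BackupCopy("laptop", "laptop-disk", primary=True),
        BackupCopy("onedrive-sync", "cloud-object", offsite=True, retention_days=30),
    ]


if __name__ == "__main__":
    for label, inv in (("law firm", law_firm_inventory(AUDIT_DATE)),
                       ("OneDrive only", onedrive_only_inventory(AUDIT_DATE))):
        findings = evaluate_policy(inv, AUDIT_DATE)
        print(f"{label}: {'compliant' if not findings else ''}")
        for code, detail in findings:
            print(f"  [{code}] {detail}")
```

The law-firm inventory comes back clean; the OneDrive-only one trips six findings at once (too few copies, nothing immutable, shared credentials, 30-day retention, everything on the network, never restore-tested), which is exactly the situation the “cloud storage isn’t a backup” point above warns about.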

Best Data Backup Practices 

  • Automate everything: set up automated backups that run on schedule without human intervention 
  • Test your backups: schedule regular restore tests at least quarterly to verify you can restore them 
  • Enable immutability features: most modern backup solutions offer object lock features that should be turned on 
  • Use separate credentials: your backup systems should have different admin credentials 
  • Monitor and verify: zero errors means continuous monitoring with alerts for failed backups, storage capacity issues, or authentication problems 
  • Document your plan: write down your recovery procedures with step-by-step instructions, contact information for vendors, and escalation paths 
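“Test your backups” and “monitor and verify” only mean something if the restore test produces a checkable result. The following added example (not code from the original post or from SpireTech) shows the core of a restore drill: record a SHA-256 manifest of the data at backup time, restore into a scratch location, and compare every file, so the drill reports zero errors or a concrete list of what is missing or corrupt. The sample files, directory names, and the simulated corruption are all constructed for the illustration.

```python
"""Restore drill: back up a directory tree, restore it, and verify every file by hash.
Added example with constructed sample data; not the original post's code."""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups don't have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every regular file under root.
    Taken at backup time and stored with the backup, it is what a restore is verified against."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(backup_manifest: Dict[str, str], restored_root: Path) -> List[Tuple[str, str]]:
    """Compare a restored tree against the manifest recorded at backup time.
    Returns (problem, relative_path) pairs; an empty list is the '0' in 3-2-1-1-0."""
    restored = manifest(restored_root)
    problems = []
    for rel, digest in backup_manifest.items():
        if rel not in restored:
            problems.append(("missing", rel))
        elif restored[rel] != digest:
            problems.append(("corrupt", rel))
    for rel in restored:
        if rel not in backup_manifest:
            problems.append(("unexpected", rel))
    return problems


def run_drill(corrupt_one: bool = False) -> List[Tuple[str, str]]:
    """Run the whole drill in a temporary directory on constructed sample data.
    corrupt_one=True simulates one restored file coming back damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source, backup, restore = base / "source", base / "backup", base / "restore"
        # Constructed stand-in for the law firm's client files
        (source / "clients" / "acme").mkdir(parents=True)
        (source / "clients" / "acme" / "contract.txt").write_text("contract v3\n")
        (source / "ledger.csv").write_text("2026-03,12000,9800\n")

        shutil.copytree(source, backup)      # the nightly backup job
        snapshot = manifest(source)          # manifest recorded alongside the backup
        shutil.copytree(backup, restore)     # the restore step of the drill
        if corrupt_one:
            # Simulated silent corruption of one restored file (e.g. a bad block on the drive)
            (restore / "ledger.csv").write_text("2026-03,12000,0000\n")
        return verify_restore(snapshot, restore)


if __name__ == "__main__":
    print("clean restore:", run_drill() or "0 errors")
    print("damaged restore:", run_drill(corrupt_one=True))
```

A drill that returns an empty list is the result to log and alert on; any non-empty list is a failed test that should page someone, the same way a failed backup job or a storage-capacity warning would. For real data the manifest is written at backup time and kept with the backup (ideally on the immutable copy), so it can't be silently rewritten along with the files it describes.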

Key Takeaways 

The 3-2-1 backup rule is still used today because it provides a solid foundation: redundancy, diversity, and geographic distribution. These fundamentals protect against a wide range of threats, from hardware failures to natural disasters. 

In 2026, the 3-2-1-1-0 rule adds immutability and testing—two critical components for defending against ransomware and ensuring your backups actually work when you need them. 

Your business data represents years of work, customer relationships, and operational knowledge. Protect it like you mean it. Contact SpireTech today for a free IT consultation to assess your current backup strategy and learn how we can protect your business data from ransomware, hardware failures, and human error. Check out our FAQ page for common IT questions and fixes.  

FAQs 

Q: What’s the difference between 3-2-1 and 3-2-1-1-0? 
A: The 3-2-1-1-0 rule adds one immutable copy (that can’t be modified or deleted, even by admins) and zero errors through regular testing. These additions specifically protect against ransomware that targets backups. 

Q: Does Microsoft 365 automatically back up my data? 
A: No, Microsoft provides data redundancy but not true backups. You need a third-party solution like Dropsuite to protect against accidental deletion, ransomware, and other data loss scenarios. 

Q: How often should I test my backups? 
A: Quarterly at minimum. The “0” in 3-2-1-1-0 means zero errors—regular restore testing ensures your backups actually work when you need them. 

Q: What makes a backup “immutable”? 
A: Immutable backups can’t be changed, encrypted, or deleted—even by administrators—for a set retention period. This protects against ransomware and insider threats. 

Q: Can I use cloud storage for the offsite copy? 
A: Yes, cloud storage is ideal for offsite copies—it’s accessible, scalable, and eliminates the hassle of physical transport.