Bad things happen. One day, that file you worked on is fine. The next, it’s gone – lost in a hard drive failure or perhaps a stolen device. Maybe the version you worked on has corrupted, and you need to recover an earlier file. Someone might have deleted the file, removing it from your systems forever.

Data corruption is a bit like a car accident. It doesn’t happen often to a person. But when it does, even a minor fender bender can create inconvenience, and a major smash can cause months, even years, of problems. Likewise, when a file or database no longer performs as it should, it can lead to severe losses.

“Data is one of those funny things where you don’t think about it until it’s not there anymore,” says Emma Mbebe, account manager at Sithabile Technology Services. “Hours of work evaporate just like that, and you can spend a lot of time afterwards trying to fix the situation. It’s a big inconvenience when this happens to one person. When the data is used by multiple people, the impact is exponential across a business. This is why criminal attacks like ransomware work so well: they hit a business where it hurts the most.”

Which is why data backups are critical. Yet, it’s not enough to make one backup. If you want to be thorough, follow the 3-2-1 rule. What is the rule, does it apply to every company, and can they afford it?

The 3-2-1 Safety Net

The 3-2-1 rule is pretty simple: have 3 copies of data on 2 different media and 1 kept offsite. For example, keep two copies of a file on separate removable flash drives, and a third on cloud storage (offsite). You can also have the file on network storage, and two removable drives, keeping one drive at an offsite location.

You can apply the rule manually or with backup automation. You could even print the file’s contents on paper and keep that safe. It’s not convenient, but it is a backup. You could maintain two or several copies of a file. The point is to create redundancy through multiple independent backups.

Surprisingly, IT experts didn’t invent the 3-2-1 rule. It first appeared in a book, Digital Asset Management for Photographers, where author Peter Krogh guided photographers on safeguarding their growing digital photo libraries. Digital photos were one of the first digital mediums that started growing exponentially in volume, and photographers cannot recreate their snapshots–once a photo is lost, it’s gone forever. That is, unless they have a copy.

The 3-2-1 rule has since become the baseline for good backup practices, and it has evolved to incorporate many different storage mediums and backup strategies.

Is the 3-2-1 rule for your business?

Applying the 3-2-1 rule makes a lot of sense, but it may also feel excessive. Specifically, paying for different storage options and managing copies across those instances sounds complex and expensive. Smaller businesses might feel they don’t qualify.

But Mbebe disagrees: “Making multiple backups can sound daunting and costly when you look at the higher-tier options, such as dedicated network storage. But, in principle, you don’t need to go that far. The hardest part is to decide what data is important, then balance that with security and compliance. For example, if you are writing a pitch document, that’s not very sensitive. You can save a copy to email, to a flash drive, and save a third one on a service such as OneDrive.”

At a fundamental level, the 3-2-1 rule works for any situation. It’s all relative to what a person or business needs.

“I like to think of the 3-2-1 rule as a conversation starter. The question is not whether you use this rule but whether you are concerned about backups at all. If you need to be serious about backups, then the rule provides a good foundation. Now, decide on your priorities and capacity, then establish a backup strategy which can be as simple as telling employees to save copies to the cloud, or involve elaborate management and backup appliances. A healthcare provider or financial institution should never back sensitive data onto removable drives or external emails. So, there we already know what they can and cannot do, projected through the 3-2-1 rule.”

The 3-2-1 rule sets a benchmark: fill in the gaps, and you’ll see if your backups are sufficient. It’s a rule that can apply to every organisation and even individuals.

Without it, you take a massive risk. Bad things happen to data. Beyond the scary stories about ransomware and data theft, it can be a simple case of losing a device or a hard drive failing. Maybe a water pipe bursts and floods your office – now that offsite backup makes sense.

So, don’t ignore this crucial rule, says Mbebe. Consider how it would fit into your organisation, and make your backups as easy as 3-2-1.