In recognition of Acronis Cyber Protection Week 2023
Fora long time, March 31 was World Backup Day: an annual event created to raiseawareness of the importance of backup best practices. In 2020, we celebratedthe finalWorld Backup Dayand, with a vision for bigger things, launched Cyber ProtectionWeek. Now entering its fourth year, Cyber Protection Week is an annualopportunity for personal and professional IT users to take a deeper look at howthey approach their digital defenses. We are celebrating this year from Monday,March 27 through Friday, March 31.
In this initial post for Cyber Protection Week 2023, weexamine the importance of having a robust data backup strategy using a verybasic but effective “3-2-1 backup rule,” which counsels to make a few copies ofyour data and store them in different locations, so that you’ll always haveaccess to your data, regardless of whatever disasters you may experience — bethey by cyberattacks, natural disasters, or other adverse events.
Whatis 3-2-1 backup?
Backupis important, but it is just as important to remember that having one backupcopy is sometimes not enough. For example, let’s assume you back up yourcomputer to an external drive, which you keep in your home office. If yourcomputer crashes,you have the backup copy. However, if a fire breaks out in your home, it willdestroy both your computer and the external drive.
Youwill be surprised to learn how many small businesses do notback up their dataand how many more do notsurvive a data disaster. Watch this video and learn how following the3-2-1 rule of backup can stop your organization from becoming a data disaster statistic.
Whatis the 3-2-1 backup strategy?
The3-2-1 backup rule is a pioneer data backup strategy. It follows the belowrequirements:
- You create three copies of your data — the original data on your primary device and at least two copies.
- You use two different storage devices — here, it’s up to you to choose the two storage media carriers — your PC, external hard drive, a USB flash drive, DVD,NASor cloud storage devices.
- You keep one of the backup copies off-site — by keeping copies of your data in a remote location, you prevent data loss due to a local disaster or a site-specific failure scenario.
The3-2-1 backup rule is almost two decades old. Back in the day, users would relyon hard drives with as much as 30 GB capacity and CD backups. Nowadays, storagedevices include hard drives of up to 22 TB and numerous cloud storage mediaoptions. Additionally, today’s storage concerns aren’t all about the volume.You’d need to keep in mind how a specific storage medium handles security andfailover contingencies.
The3-2-1 backup rule is simple and efficient. It allows fine-tuning the backupcopies of your data, data analysis, and quick disaster recovery (in most cases).
However,the 3-2-1 backup strategy (as a fundamental concept) is gradually becoming old.Nowadays, we aren’t facing the same types of cyberattacks as users at thebeginning of the century, so data storage should try to keep up. We willdiscuss the most recent data protection approaches later in the article.
Howmany backup copies should I keep?
Accordingto the 3-2-1 backup rule, you should keep at least two backup copies to protectyour data against natural disasters, accidental deletions, hardware failure andcyberattacks.
Whilethe original data resides on one of your primary devices, the secondary copieswon’t share the same location, so at least one copy will be secure againstdifferent threats. For example, if a natural disaster strikes your home office,your PC and local storage may be lost for good. However, the data copy off-sitewill be spared.
Ifyou only use a single backup, without an off-site copy, you won’t be able toinitiate disaster recovery following a fire or a flood on your premises.
Whatis the best place to store a full backup?
Okay,you’re now familiar with the 3-2-1 rule as a backup process. However, you mustfind the optimal media type to store your backup copies.
Thereis no universal carrier for backed-up data. Depending on your production data,business operations, and backup service provider, your business must use amixture of different storage media to ensure business continuity. If you’re anindividual user, you can rely onbackup softwareto help you find a perfectlocation for your backup copies or do your due diligence and use the mostconvenient storage media.
Full backupstend to be bigger thanincremental or differential backups, so opticaldisks (CD/DVD/Blu-Ray) and USB drives may be small to contain them. With thisin mind, users are left with two major options to follow the 3-2-1 backup rule.
Externalhard drives
The external hard driveis a convenient place to store your important data. It’seasy to use, highly portable and enables quick data recovery.
Aslong as you have the hard drive on you, you can connect it to any laptop or PCand manage your backups. An external hard drive is especially suitable forrestoring your PC’s hard drive onto a new machine.
Cloudstorage
Backupdata stored on the cloud is accessible from any device anytime, as long as youhave a stable internet connection. Users who back up small volumes of data mayturn to free cloud services — Google Drive, iCloud, or Dropbox.
However,if you’re running a business and want critical data protection for your assets,it’s best to go for dedicated cloud storage. The same goes for individual userswho manage sensitive data.
Whileon a paid cloud, data will be encrypted and safeguarded from virtual attacks,ready for data recovery if needed.
Whencomparing cloud storage and external hard drives for 3-2-1 backup, mostbusinesses should implement a hybridbackup and recoveryapproach. As forindividuals, your choice depends on the sensitivity of backed-up data, thebackup volume, and your budget.
Howoften should a full backup be done?
Fullbackups are a tried-and-true method against data loss. That said, full backupstake the most storage space, bandwidth and time to create.
ForSMBs, it makes sense to do a full backup of operational data at least once aweek, with daily incremental or differential backups as well.
Forindividual users, full backups may quickly raise storage issues, especially ifyou’re using a free cloud or a single external HDD for the 3-2-1 backupapproach. If you don’t create a lot of new data on your PC, you can onlyinitiate full backup upon a major data upgrade on your machine.
Howlong should I keep my backups?
Asa general rule, SMBs should keep fullsystem backupsfor at least two months. Atwo-month retention rate ensures that you can safely restore a clean copy ofyour system if needed and proceed with day-to-day operations unhindered. You’dalso be able to recover safely from malware that has resided undetected on yoursystem for a while.
Asfor individual users, you can keep one copy of a full backup on an HDDindefinitely if you don’t need the extra space.
Whyis the 3-2-1 backup method important for data protection?
Datais knowledge, and knowledge is power, as we know well. To be competitive, SMBsmust understand the crucial role of 3-2-1 backup in data protection.
Keepingat least three copies of your data is typically enough to recover from anyfailure scenario, keep data recovery objectives optimal, and avoid a single pointof failure.
The3-2-1 backup strategy ensures that multiple copies of your data can survivevarious threats. With one backup kept locally and two off-site copies, you canmitigate the effect of natural disasters, human error and cyberattacks mosteffectively.
Also,having the two additional copies on different storage devices (say, an HDD in afire-proof safe, and the cloud) raises the chances that at least one of thebackups will be available for recovery in any scenario.
Whyis it important to have both off-site and on-site backup strategies?
Thefundament of the 3-2-1 backup strategy is to guarantee data integrity andaccessibility. Those can be denied for SMBs in various scenarios.
Ifa natural disaster or a power failure strike, your production data on-site (aswell aslocal backups) may be rendered inaccessible.
Asfor cloud storage, if a cyberattack manages to penetrate the cloud’s server,you may lose access to your data indefinitely. This is why it’s a best practicefor SMBs to follow the 3-2-1 backup rule. Let’s look at an example.
Supposeyou have three copies of your data. The original information set resides inyour office. Disaster strikes and demolishes your computers along with the dataon them. The second copy of the data is typically kept in local storage, so thedisaster will likely affect it. However, the third copy is stored off-site — itnormally won’t be affected by the disaster, so you could safely restore datafrom it.
Is3-2-1 the best backup strategy?
The3-2-1 backup rule has been a pivotal guideline for almost two decades. It is abest practice among information security professionals and is a good rule ofthumb for individual users.
However,the immense rise of ransomware attacks calls for enhancing the basic principlesof the 3-2-1 backup strategy. Those are redundancy, access and geographicdistance.
Cyberattackstargeting entire networks may capture all data on them, including backups. Thisis a crucial issue for SMBs, as it may force indefinite downtime. In suchcases, their off-site copy may become the only copy they can use to carry on.And if something happens to it as well, even the 3-2-1 backup rule won’t beenough to save their data.
Whatare some other good backup strategies?
Ascybercrime evolves, so do data loss prevention tactics. Modern alternatives tothe 3-2-1 backup rule have emerged to fortify backup and recovery for SMBs andindividual users.
Themost prominent strategies to adopt are the 3-2-1-1-0 and 4-3-2 approaches.
Modernchanges to the 3-2-1 backup strategy
The3-2-1 backup rule is the foundation for modern backup strategies. Let’s explorethem below.
The3-2-1-1-0 approach
Thismethod reintroduces the idea of an offline (air-gapped) copy. It can either bean off-site tape copy as the original intention of the 3-2-1 or immutablestorage on the cloud (meaning the data on it cannot be modified or changed).
Additionally,the “0” in the approach name stands for “zero errors” for stored backups. Thiscan be ensured by daily monitoring of backup media, correcting errors, andperforming regular restore tests.
The4-3-2 approach
Thisapproach requires four copies of data stored in three locations. The first oneis on-premises, the second - with an MSP (say, Iron Mountain), and the third -with a cloud storage provider. This way, two locations are off-site, grantinghigher data protection against disasters and targeted attacks.
3-2-1backup with Acronis!
AcronisCyber Protect offers easy and reliable local andcloud backup for businesses.SMBs can follow the 3-2-1 backup approach with no upfront investments via aneasy-to-manage, comprehensive solution. Moreover, companies can benefit frompredictable costs and budget-friendly subscriptions.
Ourbackup software enables users to create encrypted local backups, with a backupcopy off-site safely residing on the Acronis Cloud. Backups stored on the cloudare also encrypted and available for disaster recovery with only a few clicks.
Wealso offer Acronis Cyber Protect Home Office for individual users fond of the3-2-1 backup strategy.
AllAcronis solutions focus not only on backup and recovery but addresscybersecurity in an industry-leading manner — users can proactively avoidcostly downtime, quickly identify and fix security issues, and block ransomwareattacks before they occur via an intuitive interface.
