Finally, the best way to backup data

One of the best ways to protect yourself and your business against many cybersecurity incidents is backing up.

If you read the previous article, you would have learned some of the most common things people do wrong when it comes to backups.

This week, I wanted to help you further improve your backups by sharing the strategy I think is the best way to backup data.


What is this strategy?

The strategy I use is what I call the 3 2 1 backup plan. If you’ve read about how to back up data before, you may have heard of it. However, I’ve updated it in several places due to the cyber risks we face today, specifically the emergence of ransomware.

The 3 2 1 backup plan goes like this:



Have at least three copies of your data

Initially, this can seem like a lot of work. Why wouldn’t one be perfectly fine? Well, yes, sort of.

One copy will achieve the goal of backing up your data. This is true. However, it won’t make for a quality and resilient backup.

That’s because it still leaves you vulnerable to data loss. If anything happened to that one copy, such as the hardware dying, someone breaking or misplacing it, or it being lost in a flood, you stand to lose it all.


Store at least two of these copies on different storage media

Not all types of storage media are created equal, and they don’t last forever. They all have different failure rates and expected lifetimes. (For expected lifetimes of various media, check out this neat infographic)

To make things even more complicated, how often you use them, how you handle them, and how you store them can also affect how long they’ll last. Then, of course, there is the issue of getting a bad batch of media that fails out-of-the-blue, leaving you without access to your data.

The idea is that you don’t want to put all your eggs in one basket. Just like how you wouldn’t invest all your money in a single stock, by diversifying your backups across different types of storage media, we are hedging against losing everything in the event a kind of storage media fails or becomes unrecoverable. 

One new type of storage media (which can be referred to as a storage solution as well) is cloud storage. Cloud storage is becoming increasingly popular and can be a cost-effective and easy way to back up your data.

The primary con to point out here is that the cloud is just someone else’s computer. You don’t control that backup or your access to it. There is always the chance it’s unavailable, or completely gone, in the event you need it. 

Two other cons to point out: depending on the provider, your backup could still be vulnerable to ransomware (more on this below), and if you lose your Internet connection, there isn’t a way to retrieve your backup.


Keep one copy off-site and offline

Having your backups close at hand is great if you need to restore something quickly. However, they don’t do you any good if you suffer a flood, fire, or theft.

An off-site copy will ensure that no matter what happens to your primary work environment, you still have a copy you can use to recover. 

This is even more important for those who don’t have a permanent office or are continually traveling (such as consultants) — moving about increases the risk of accidents, forgetfulness, and theft, resulting in the loss of not only your laptop or devices but their backups as well.


Why off-site and offline?

If you’ve heard of the 3 2 1 backup plan before, you might recognize that there is usually one backup off-site, and that’s it.

The reason this needs to be updated is the risk of ransomware. It’s common to use cloud storage or another office’s computer systems to store a copy to achieve the off-site requirement.

However, using cloud storage or copying a backup to another computer system located in a different physical location still leaves your copy vulnerable to ransomware, because it’s still online.

I’m also not saying here that you shouldn’t use cloud storage or backup solutions. The cloud can be a cost-effective and easy solution to backup your data. However, many cloud storage services work by syncing a folder on your computer. 

This behavior makes it possible for ransomware to encrypt that folder, and for your cloud storage software to then sync the encrypted files to the cloud, overwriting the originals and rendering the backup useless.


Implementing the 3 2 1 backup plan

The 3 2 1 backup plan is a great way to ensure your valuable business data is available. However, like everything else in life, it’s not perfect.

The best way to implement it is first to take the 3 2 1 backup plan and combine it with the recommendations from this article. Then, tailor it to what will work best in your business, create your processes, and start backing up.



You invest a lot in your business. Investing the time, energy, and capital into implementing a robust backup method is like investing in an insurance policy for your files: it ensures that when a disaster or accident does strike, you can restore and resume operations as quickly as possible without losing your critical data.

Are you using the 3 2 1 backup plan to backup your files? If so, leave a comment below and let me know how it’s working for your business!



Six things you’re doing wrong when it comes to backups

No matter how agile your business is, or how good your employees are, one accidental tap of the “delete” key on your customer database, or one ransomware infection could cripple (or worse, end) your business.

There has to be a way to avoid this, right?

There is! It’s called backups.

I know, I know, I can hear the groans. Backups? We already do those!

You might be backing up already, but I bet you’re doing it wrong.

See, most people and businesses know they need backups, but don’t back up at the right frequency, or do one backup and then put off doing more entirely.

Or they think that their yearly backup is sufficient to get them back on their feet and never test it until ransomware has taken out all their computers, only to realize that their backup is too old or doesn’t work.

So, how could you be doing backups wrong?


Only doing full backups

When most people think about backups, they think about full backups. 

These backups are where you include everything on every computer, device, and online storage you have. It would be best if you also created full backups of the configuration of IoT devices, online account settings, and files.

A full backup is what you would use to restore each computer, device, or account from scratch.

While full backups are the best to recover when things go south, with data changing so rapidly and the amount of time and effort it takes to do full backups, they’re not always feasible to do regularly.

That’s where incremental backups come in. 

Incremental backups only backup changes since the last full backup. They’re beneficial because they’re much quicker (so you can do them more often) and usually smaller. 

If you use backup software, you shouldn’t have to worry about the full and incremental backups (of course, confirm with your documentation!). Your software will usually do a full backup every so often, and then use incremental backups to keep updating that full backup. 

However, if you’re one of those who back up files by hand, be sure to start doing both full and incremental backups!


Not backing up frequently enough

Of course, you should back up as often as you can, since the more you update your backups, the less information you’ll lose in the event of an issue. However, doing that is not always realistic.

That’s where using a combination of full and incremental backups at different frequencies can help.

The idea is to take full backups at regular intervals and then at shorter intervals take incremental backups to adjust for changes.

The most common recommendation is to complete full backups every month, and incremental backups every week. 

Ultimately though, you should choose a backup frequency that works for your business and will give you the best head-start if you need to rely on that backup.

Some things to consider when choosing a backup schedule:

  • The data on each computer or device, its importance, and how frequently it changes.
  • The chances of something happening to your computer or device.
  • The amount of data you could lose and still be able to operate effectively.

The more critical the data is to your business, and the less data you could afford to lose and still be able to operate, the more frequently you should backup.

For example, if you have a computer that only provides read-only access to historical records that never change, and each backup would be identical, then full backups each month probably aren’t the best use of your time.

However, if you use one laptop for your entire business and you’re prone to forgetting it at coffee shops, then at least daily incremental backups are a good idea.


Not creating offsite backups

In today’s world of access to the Internet everywhere and always-available online services, it’s easy to forget that the real world is fallible.

Fires, floods, natural disasters, break-ins, and thefts can and do happen.

Believe it or not, storing a backup in an offsite location could be your saving grace in one of these situations. It won’t help you avoid any of these issues, but the moment your office suffers a fire, or all your computers are stolen, you’ll be glad you have another copy of your data elsewhere.


Not creating offline backups

Just a few years ago, creating backups and storing them on a network-connected storage drive was sufficient. 

However, with ransomware steadily increasing (XX% in 2019!), things have changed.

These days, if you were to leave your backup on a network-connected computer, and your network becomes infected with ransomware, that ransomware could end up encrypting your backup. 

If that happens, you’d be unable to restore your computer using that backup. You’d be in the same situation as if you didn’t backup at all.

Talk about a waste of time!

The best way to protect against this is to keep a copy of your backups offline. Not just on a computer or device that is powered off, either, but on a device (such as a portable hard drive) that is unplugged from power and your network.

That way, there is a reduced chance of the backups accidentally being encrypted in a ransomware infection because someone turned on or plugged in the backup drive.


Not testing backups

Of those that do backups, few test those backups.

When I say testing backups, I don’t mean testing that your backups are completing successfully, but testing that the backups you’ve made are going to work to restore your computer. 

That way, when you need them, you know they’re going to work, and you can quickly restore and get back to business.

Don’t wait to test your backups when you need to restore!
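For those backing up by hand, here is an added example (not part of the original article or any particular backup product) that covers both the full-plus-incremental approach described earlier and the restore test described in this section. It follows the article's definition of an incremental backup (files added or changed since the last full backup) and assumes a made-up layout of a data folder plus a manifest.json of SHA-256 hashes in each backup; the file names in the demo are constructed sample data.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def backup(src, dest, full_dir=None):
    """Full backup when full_dir is None; otherwise copy only files added or
    changed since the full backup stored in full_dir."""
    base = json.loads((Path(full_dir) / "manifest.json").read_text()) if full_dir else {}
    now = manifest(src)
    changed = [n for n, digest in now.items() if base.get(n) != digest]
    data = Path(dest) / "data"
    data.mkdir(parents=True, exist_ok=True)
    for name in changed:
        (data / name).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(src) / name, data / name)
    # The manifest records what a complete restore should contain.
    (Path(dest) / "manifest.json").write_text(json.dumps(now))
    return changed

def verify_restore(full_dir, incr_dir, scratch):
    """Restore full then incremental into scratch; return files that are
    missing or whose contents do not match the recorded hash."""
    expected = json.loads((Path(incr_dir) / "manifest.json").read_text())
    for layer in (full_dir, incr_dir):
        shutil.copytree(Path(layer) / "data", scratch, dirs_exist_ok=True)
    restored = manifest(scratch)
    return sorted(n for n, digest in expected.items() if restored.get(n) != digest)

def demo():
    """Constructed sample data: a full backup, one edit, then a damaged backup file."""
    with tempfile.TemporaryDirectory() as tmp:
        t = Path(tmp); src = t / "src"; src.mkdir()
        (src / "customers.csv").write_text("id,name\n1,Ann\n")
        (src / "notes.txt").write_text("v1")
        backup(src, t / "full")
        (src / "notes.txt").write_text("v2")
        changed = backup(src, t / "incr", full_dir=t / "full")
        clean = verify_restore(t / "full", t / "incr", t / "restore1")
        # Simulate a backup that "completed successfully" but no longer restores.
        (t / "full" / "data" / "customers.csv").write_text("damaged")
        broken = verify_restore(t / "full", t / "incr", t / "restore2")
        return changed, clean, broken

if __name__ == "__main__":
    print(demo())
```

An empty list from verify_restore means every file came back intact; any name it returns is a file you would have lost in a real restore.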


Not encrypting backups

One final thing you’re probably doing wrong with your backups is encryption. If your backups include any confidential or sensitive information, it’s essential to encrypt them before they’re stored. 

The main reason here is loss or theft. If the hard drive containing your backups is stolen or lost, there is a reduced chance of your confidential or sensitive information getting into the wrong hands.



Now, while most of the backups here are dependent on your risk level, many of them are essential regardless.

Are you doing backups correctly? Leave a comment here and let me know if you are going to be adding anything to what you do for backups!
