<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Data-Protection on IT Made Simple</title><link>https://itmadesimple.co.nz/tags/data-protection/</link><description>Recent content in Data-Protection on IT Made Simple</description><generator>Hugo -- gohugo.io</generator><language>en</language><managingEditor>Thaddeus</managingEditor><webMaster>Thaddeus</webMaster><lastBuildDate>Tue, 02 Jun 2026 08:00:00 +1200</lastBuildDate><atom:link href="https://itmadesimple.co.nz/tags/data-protection/index.xml" rel="self" type="application/rss+xml"/><item><title>The 3-2-1 Backup Rule Explained</title><link>https://itmadesimple.co.nz/posts/the-321-backup-rule-explained/</link><pubDate>Tue, 02 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/the-321-backup-rule-explained/</guid><description>The 3-2-1 backup rule is the gold standard for protecting your business data. Here&amp;#39;s what it actually means and how to do it without breaking the bank.</description><content:encoded><![CDATA[<p>In a <a href="https://itmadesimple.co.nz/posts/what-backup-actually-means/">recent post</a> we covered the difference between syncing and backing up — and why OneDrive or Google Drive alone won&rsquo;t save you when things go sideways.</p>
<p>This time, let&rsquo;s talk about what a proper backup strategy actually looks like. There&rsquo;s a well-known framework for this, and it&rsquo;s refreshingly simple.</p>
<p>It&rsquo;s called the <strong>3-2-1 Backup Rule</strong>.</p>
<h3 id="what-is-the-3-2-1-rule">What Is the 3-2-1 Rule?</h3>
<p>The concept comes from <a href="https://en.wikipedia.org/wiki/Backup#:~:text=relational%20database.-,3%2D2%2D1%20Backup%20Rule,-%5Bedit%5D">Peter Krogh</a>, a photographer who was thinking about how to protect his life&rsquo;s work. It&rsquo;s since become the gold standard for data protection across every kind of business.</p>
<p>The rule is:</p>
<blockquote>
<p><strong>3</strong> copies of your data
<strong>2</strong> different types of storage
<strong>1</strong> copy stored offsite</p>
</blockquote>
<p>That&rsquo;s it. Three lines. But each one matters, and most grassroots businesses aren&rsquo;t following any of them.</p>
<p>Let&rsquo;s break it down.</p>
<h3 id="3-copies-of-your-data">3 Copies of Your Data</h3>
<p>This means the original data on your computer, plus <strong>two separate backups</strong>. Not one backup — two.</p>
<p>Why two? Because your single backup can fail. Hard drives die. USB sticks get lost. Cloud accounts get compromised. If you only have one backup and it&rsquo;s corrupted or missing when you need it, you&rsquo;re in the same position as someone with no backups at all.</p>
<p>The good news: copies don&rsquo;t all need to be full system images. One could be an image backup of your entire machine, and the other could be a copy of your critical business files — accounting data, customer records, emails, whatever would hurt most to lose.</p>
<h3 id="2-different-types-of-storage">2 Different Types of Storage</h3>
<p>Don&rsquo;t put both backups on the same kind of device. If both backups are on external hard drives and one fails due to a manufacturing defect, the other might not be far behind — same batch, same usage, same environment.</p>
<p>Instead, use <strong>two different storage mediums</strong>:</p>
<ul>
<li><strong>External hard drive or NAS</strong> (Network Attached Storage) at your office — for fast, local restores</li>
<li><strong>Cloud backup</strong> (Backblaze, Wasabi, Azure Blob, AWS S3) — for protection against physical disasters</li>
</ul>
<p>The point is diversity. Different storage types fail in different ways. Cover more bases.</p>
<h3 id="1-copy-stored-offsite">1 Copy Stored Offsite</h3>
<p>This is the one most people skip. Your office has a fire, flood, theft, or power surge — and suddenly your computer and your backup drive are both gone.</p>
<p>An offsite copy means at least one backup lives somewhere physically separate from your business. For a small business, this doesn&rsquo;t have to mean a data centre. It can mean:</p>
<ul>
<li>A cloud backup service (the most practical option for most)</li>
<li>An external drive you rotate weekly to someone&rsquo;s home</li>
<li>A NAS at your house if the business is at your shop</li>
</ul>
<p>The cloud option is honestly the easiest for a grassroots business. Once it&rsquo;s set up, it runs automatically. No one has to remember to take a hard drive home on a Friday.</p>
<h3 id="what-this-looks-like-in-practice">What This Looks Like in Practice</h3>
<p>Let&rsquo;s say you run a plumbing business with one office computer and a server.</p>
<p><strong>Copy 1 (Original):</strong> Your live data on the office computer and server.</p>
<p><strong>Copy 2 (Local backup):</strong> A NAS device in the office running daily backups of everything. If your server dies, you restore from the NAS. Done in minutes, not days.</p>
<p><strong>Copy 3 (Offsite/Cloud):</strong> A cloud backup service running nightly, pushing encrypted backups offsite. If the office burns down, you buy a new computer, connect to the cloud, and start restoring. You&rsquo;re operational again within a day or two instead of starting from scratch.</p>
<p>That&rsquo;s the 3-2-1 rule in action. Not complicated, not expensive, but dramatically better than nothing.</p>
<h3 id="what-about-the-cost">What About the Cost?</h3>
<p>This is where I expect some pushback: &ldquo;Yeah, but I&rsquo;m a tradie with 3 employees. I can&rsquo;t afford a NAS and a cloud service.&rdquo;</p>
<p>Here&rsquo;s the thing — you can&rsquo;t afford not to. A decent 2-bay NAS runs about $300-400 NZD. A 4TB external drive is around $100. Cloud backup for a small business runs about $50-100/month depending on how much data you have.</p>
<p><img loading="lazy" src="/posts/the-321-backup-rule-explained/nas-example.png" type="" alt=""  /></p>
<p>Compare that to the cost of losing all your business data. Customer records, invoices, job records, accounting files. The stuff you actually run your business on. What&rsquo;s that worth?</p>
<p>And you don&rsquo;t have to do it all at once. Start with an external drive and a cloud backup first. Add a NAS later. The key is to <strong>start</strong>.</p>
<h3 id="the-bare-minimum">The Bare Minimum</h3>
<p>If budget is genuinely tight, here&rsquo;s the absolute baseline:</p>
<ul>
<li><strong>Copy 1:</strong> Your computer (original)</li>
<li><strong>Copy 2:</strong> External hard drive plugged in at the office, backing up weekly</li>
<li><strong>Copy 3:</strong> Cloud backup service running automatically</li>
</ul>
<p>This costs you about <strong>$8-10/week</strong> for a basic cloud backup and possibly a one-time cost for an external drive. Less than most people spend on coffee.</p>
<p>If that&rsquo;s still too much, I&rsquo;d challenge you to think about what your business data is worth. Because the question isn&rsquo;t really &ldquo;Can I afford to back up?&rdquo; It&rsquo;s &ldquo;Can I afford not to?&rdquo;</p>
<h3 id="automate-or-forget">Automate or Forget</h3>
<p>The biggest enemy of backups isn&rsquo;t cost — it&rsquo;s forgetting. If backing up requires someone to plug in a drive, click a button, or remember to do something, it will eventually get skipped.</p>
<p><strong>Automate everything you can.</strong> Set your backup software to run on a schedule. Cloud backups should be continuous or nightly. A local backup should run at least weekly, ideally daily.</p>
<p>Set it and forget it. Except for one thing: verify.</p>
<h3 id="test-your-backups-seriously">Test Your Backups. Seriously.</h3>
<p>I mentioned this in the <a href="https://itmadesimple.co.nz/posts/what-backup-actually-means/">last post</a> but it bears repeating: a backup you&rsquo;ve never tested is just a guess.</p>
<p>Pick a file. Restore it from your backup. Confirm it works. Do this every month or so. It takes five minutes. It&rsquo;s the difference between &ldquo;I think we&rsquo;re backed up&rdquo; and &ldquo;I <strong>know</strong> we&rsquo;re backed up.&rdquo;</p>
<h3 id="the-3-2-1-rule-is-a-starting-point">The 3-2-1 Rule Is a Starting Point</h3>
<p>This rule doesn&rsquo;t cover everything — you also need to think about how often you back up (daily? hourly?), how long you keep old backups (30 days? 90 days?), and what you&rsquo;re actually backing up (just files? system images? email?).</p>
<p>But the 3-2-1 rule is the foundation. Nail this first. Build on it later.</p>
<p>If you follow nothing else, do this:</p>
<ol>
<li>Buy an external hard drive</li>
<li>Set up a cloud backup service</li>
<li>Automate both to run on a schedule</li>
<li>Test a restore once a month</li>
</ol>
<p>That&rsquo;s it. You&rsquo;re ahead of 90% of small businesses already.</p>
<hr>
<p><em>Want a step-by-step walkthrough of setting this up? I&rsquo;ve put together a companion guide on Patreon that walks you through choosing a cloud provider, setting up automated backups, and creating a restore checklist. <a href="https://www.patreon.com/cw/ITMadeSimple">Check it out on Patreon</a>.</em></p>
]]></content:encoded></item></channel></rss>