What is the 3-2-1 backup rule?
Keep 3 copies of your data, on 2 different types of storage, with 1 copy off-site. In practice: the original on your computer, a local copy on an external drive or NAS, and a cloud backup. The rule survives because it covers all failure modes at once: hardware death, theft, fire, and ransomware.
The 3-2-1 rule comes from photographer Peter Krogh and was adopted by security agencies (including CISA and US-CERT) because its arithmetic covers reality. One copy is no copy: a single drive has a meaningful annual failure rate, as Backblaze’s famous Hard Drive Stats document year after year. Two copies in the same house still share one fate in a fire, flood, or burglary. The third, off-site copy is what turns a catastrophe into an anecdote.
The modern implementation is cheaper than the rule’s reputation. Copy one: your computer, as is. Copy two: an external SSD or NAS that backs up automatically (Time Machine on Mac, File History on Windows, or Acronis for full images). Copy three: a cloud backup service like Backblaze (around $99 a year, unlimited) or IDrive (5 TB across all devices) running silently in the background. Total cost: one drive purchase plus under $10 a month.
Two refinements professionals add. First, versioning: the off-site copy should keep file history (30+ days), because ransomware-encrypted files synced to a cloud without versions are three copies of garbage. Second, the occasional restore test: open the backup app twice a year and actually restore a folder. The rule’s biggest failure mode is not technical but human: backups configured once, silently broken for months, discovered the day they were needed.