3 2 1 computer backup rule

3. 2. 1. Backup Your Computer!

Go grab a tissue and I’ll share a story with you, and this is one you should definitely read (at least to find out what 3-2-1 means)…

A few weeks ago I was a party in a sad conversation, which had all the attributes of a blockbuster movie plot; money, suspense, and an evil villain for our story’s hero to triumph over. OK, I’m being a tad dramatic (or am I?) and since this story doesn’t have a happy ending there isn’t any real hero. There definitely could have been, but one simple action snuffed our chances of a happy ending before the movie even started. OK, keep those tissues handy and let’s get to the story!

I’m having a discussion about computers and the conversation goes something like this (dim the lights)…
They said, “I just received a computer from a co-worker.”
I asked, “What’s wrong with it?”
They answered, “He can’t access any of his files!”
I asked, “What are the symptoms?”
They answered, “All the file extensions are .zepto.”
I said, “Uh oh!”

If you see where this is going you probably know why I suggested you grab a tissue before I started. If not, read on and  I’ll explain. Even if you do know you should still read on.

Ransomware, and why you don’t want it!

The computer in question was infected. Infected with Ransomware!

We all know that malware, rootkits, and viruses are bad and we don’t want them on our computer, but truth be told it’s possible to recover from an infection more often than not. It may not be pretty, you may have to re-install your operating system, you may lose some of your files, but generally it’s not the absolute end of the world. Unfortunately that world has changed.

If there is a way to monetize something someone will find a way to do it, and that is exactly what has happened in the malware world! Some bright person thought long and hard about what people do with their computers and came to the conclusion that the one commonality that all people share is they create files. They create music files. They create picture files. They create movie files. They create documents files for work. They love their files! Then they took their idea to the next logical level; why not encrypt those tasty files and charge a ransom for their return.

That’s right, folks, a common infection today will encrypt your files and it will only get worse. You won’t be able to access them, play them, share them, or view them unless you pay a ransom. Nice, eh? Kinda makes you want to check on your antivirus and be a little more careful about where and what you click, doesn’t it?

In most cases the person responsible for infecting you – the kidnapper if you will – will offer to return your files to working order if you pay their ransom demand, and just between you and I the cheapest demand I’ve seen is between $300 and $500. Now, being a villain they go to diabolical means to protect themselves and their new found income stream. To that end the general way to pay this ransom is;

  • Create a Bitcoin (alternative anonymous currency) wallet (a virtual wallet used to store Bitcoin).
  • Fund that wallet with your bank account or credit card.
  • Send money from that wallet to the secret account of the “file kidnapper”.
  • Contact the kidnapper via anonymous means (tor chat, IRC, drop email account).
  • Hope that the person receiving your ransom is honest enough – yeah, right – to send you the information to decrypt your files.

Your goal is to not find yourself in this situation to begin with, and while there are several methods that may help prevent ransomware infections there is only one true solution. That solution is to backup your computer! Not only can a computer backup protect you from ransomware, but almost every other conceivable computer problem can also be cured with a good backup.

Backup your computer!

Earlier I mentioned that a simple action could have changed our story ending from doom and gloom to an enjoyable happy ending (still have those tissues handy?). That action was for the owner of the computer to create backups of his files. He didn’t backup, nor was he able/willing to pay the ransom so the net result is he lost his files. Gone! Not because we didn’t want to help – we just don’t have the means to fix the problem at this time. Hint: This is the section of the article where you shed a tear for the lost files, come to grips with the fact there is no happy ending to the story, and use the tissue to dry your eyes before you get to the real meat of the article!

What is a computer backup?

So, what is a backup? In the simplest of terms a computer backup is simply a second copy of the files on your computer. The backup could be on the same hard drive, an external hard drive, DVD, thumb drive, or even a hand written copy of the file contents. It could be a simple copying of the files or a drive image. As long as there are two copies, you have a backup – and don’t tell anyone I said this, but you’re already ahead of most other users if you backup at all.

And now you’re asking yourself, “It can’t be that easy, can it?” No, of course it can’t! While 2 copies is technically a backup it may not be a good backup. When you perform bad backups you leave yourself open to a whole Pandora’s box of possible problems such as; drive failures, lightning strikes, theft, and even malware, and there is almost nothing worse than the feeling you get when you realize you lost little Johnny’s birthday pictures because your backup failed. Heck, some people might go off the deep end if they lost their bookmarks!

Have no fear, I’m about to share with you an unwritten secret known only to those faceless computer geeks who reside in deepest darkest recesses of the office basement.

The 3-2-1 backup rule

The 3-2-1 backup rule is designed to prevent data loss due to any reason short of a nuclear war. It’s a minimum standard that businesses should follow and a great goal for anyone backing up their data. It may seem like overkill at first glance, but many things you keep on your computer simply aren’t replaceable, or would take years to recreate. So, what is this secret rule? The 3-2-1 rule means 3 different backups on at least 2 different media with one copy off-site. There you have it, but don’t spread it around – it’s a secret. If you lose your data while practicing the recommendations of the 3-2-1 rule you most definitely have much bigger problems at hand – after all, how are you going to fight off the zombie horde with only a disposable lighter, a toothpick, and a shoe lace?

3 – three different backups

That’s right, three! I’ve said it before – and I’m sure I’ll say it again – “You can never have enough backups!” Backups fail. Things happen. Having three different copies of your backup greatly raises the chance that at lease one will be good and with a little effort some of the process can be automated. In the end if 2, or all 3, backups are fine then it’s really no skin off anyone’s nose if you’re able to recover your data. The key is to spread the risk, which is the entire premise behind the 3-2-1 backup rule.

2 – two different media

Yes, two! It’s a fact of life that hard drives die, USB drives are lost, and DVDs get scratched. By having the backup on at least two different media you increase your chances of recovery when on of those devices fail (and it will). The chosen media isn’t important and you can use any combination such as;

  • Two external hard drives and a USB thumb drive.
  • One internal hard drive, one external hard drive, and a burnable DVD.
  • Three USB thumb drives.
  • Two external hard drives and a cloud storage account.

Any combination that suits you and your situation is acceptable so use your imagination.

1 – one backup off-site

It’s an unfortunate fact of life that homes are broken into and natural disasters occur. The very last thing you want to even remotely worry about are those irreplaceable pictures of a child or relative who’s past. The best solution is to store one backup away from the location of your computer. There are many ways to accomplish this and some are more labor intensive than others, but it isn’t difficult to carry a thumb drive to work every week. Here are a few examples to consider;

  • Rotate the external drives you keep your backup on and take one to work.
  • Send a DVD with backed up files home with a relative.
  • Backup to a USB thumb drive and hide it in your car.
  • Automate the process using a service like CrashPlan, which backs up automatically to CrashPlan’s servers.
  • Use the free CrashPlan software to backup files automatically to friend’s or relative’s computers over the internet.
  • Use OneDrive, Google Drive, or Carbonite.
  • If you’re really anticipating the zombie apocalypse bury a thumb drive in a coffee can in the desert.

The goal is to separate the original computer files from the backup.


It’s not overly difficult to implement your own 3-2-1 backup plan and the effort is minimal once you figure out how you want to approach the task. I also understand not everyone will have the motivation to go to these lengths to protect their digital life. The most important thing I hope you take away from this article is a new found understanding of how important backups are if you don’t already have a system in place. You don’t have to follow the rule exactly (but you should!). No one will fault you for only using two external drives and rotating them. No one will fault you rotating thumb drives and keeping one in your desk drawer at work for safe keeping. You should, however, strive to introduce some method to get your files backed up away from your home if at all possible.

I’m going to leave you with a diagram outlining my backup system. It may seem a little complicated, but it’s about as bullet proof as I can make it. It works and it’s mostly automated. Feel free to critique my plan and share your own experiences in the comment section – I would love to hear how you backup your files!

click to view full size

15 thoughts on “3. 2. 1. Backup Your Computer!”

  1. BACKUP!!!! Is always good advice!!!! For all the PC’s I have worked on a backup was never performed. SAD!!!

  2. Excellent article, David.

    My plan:

    * the system drive (a SSD) on my old desktop is partitioned, one partition for the Windows+Programs, and another for data.

    * 2 internal regular hard drives (still running after about 7 years each).

    * 2 external hard drives, only connected when manually backing up.

    * Cloud storage for ‘some’ important files on Mediafire, 4shared, and Dropbox.

    * bunch of DVD’s and flashdrives for some files (music collection etc).

    I back up daily (nightly actually) to the 2 internal drives, all the files/folders that change using an old version of PowerDesk file manager. Once a week or so I backup up everything to the newer external drive using a great program called GoodSync. About once a month I backup everything to the older external drive.

    Once a month (or whenever I’ve made a few changes – installing programs etc), I run the superb freeware image program, Aomei Backupper and put those images on one of the internal drives and one or both of the externals. Those images are only the system files – Windows and Program Files – not the data partition. (And those Aomei images have saved me 3 times from my own errors since I started using the program.)

    Sounds like a lot of work, but not really since I’m so used to doing the nightly backups before I shut down each night.


    1. Very nice, Mike. I truly believe that not enough people understand the usefulness of a good drive image and it looks like you’ve found a system which works well for you – and one that’s saved your bacon! 🙂

    1. Norbert, thanks for that video. I especially appreciate how you don’t rush through the instructions like so many help videos do, and I like that yellow circle around the cursor – much easier to follow!

  3. Stu Mountjoy

    I once did a full backup, for the month, and two days later my HDD went phut! I only ‘lost’ one file, an attachment to an email – which I could get back, through the email system. But did a FULL restore (I now know why they call it Disaster Recovery, LOL) onto a new drive, and back in action like nothing happened.

  4. Great advice, EVERYONE should back-up their system on a regular basis, whether immediately when a file is created and/or edited, or hourly, or daily, or weekly… just back-up, preferably locally AND remotely.

    However, and I don’t want to throw cold water on the article, backing-up is NOT a bullet-proof solution to Ransomware, which is becoming increasingly sophisticated in ways that beggar belief. For instance, the more sophisticated Ransomware writers will offer “Tech Support” to help you get your data back once you’ve paid! They’re not being “nice,” they want people to know that if they pay they’ll get their stuff back… this is “business!”

    When Ransomware installs itself on your system it doesn’t immediately jump out at you – “BOO!!!” – and demand however many thousand Bitcoins to get your data back. It can sit in a system for weeks, even months, spreading itself around a network in a corporate environment, and, of course, to back-up drives, whether they be local or remote, before the dreaded “Ransom note” pops up on your screen.

    I work in IT, someone I know was hit by Ransomware last year; they didn’t pay, it took them over a month to clear it out of their network and back-ups… and they’ve just been hit again. In addition I know of two others who were hit, one a corporation and one individual; they both paid to get their files back.

    As I said, I’m not raining on the writers parade here, we should ALL be backing-up on a regular basis, but just be aware that this doesn’t make you immune to the threat posed by Ransomware.

    1. Hi HAL,
      Thanks for the comment!

      While I don’t think a backup is the end-all-be-all solution to ransomware I do believe it is our best course of recovery at the moment, and while ransomware is a huge concern (and it should be) the usefulness of backups for recovery from almost any computer disaster can not be underestimated!

      Without a good backup you have literally nothing.

  5. Thanks for the comments David, and I agree with you 100%, ransomware is a huge concern, and that without a good back-up you have nothing!

    There is some headway being made; Trend Micro, Kaspersky, Sophos, and Cisco, amongst others, have ransomware solutions out there, although, as with viruses and malware in general, they’re constantly playing catch-up.

    And then of course there’s the dreaded Zero Day hit, such as the Cerber attack against Office 365 users… it’s getting crazy out there! 🙁

  6. I always make an image backup after I’ve reset my PC back to factory conditions or after I’ve reset it using my previous (clean) image backup and then got Windows updates up to date. I believe this ensures that I always have a clean system image to fall back on.

    As for data, I keep all my files with identifiable personal information encrypted and backed up to the cloud and to 3 USB drives on a daily basis, My non-encrypted data is backed up in the same way,

    I used to keep one of my portable USB drives off site and rotate it every few weeks but I must admit that I haven’t done that for years 🙁 I will rectify this today!

    My questions are:

    1) Even if you disconnect or keep one backup drive off site, if ransomware gets on to your computer, won’t it get on to the off site drive as soon as you connect it to the infected PC?
    2) If ransomeware gets on to your computer and affects any of the folders that you back up to the cloud, surely it will reinfect your computer as soon as you download those folders back to your computer?

    1. Hi Sheri

      The answer to both your questions is potentially “Yes,” but at the very least, when you go to restore your data from your back-up, you may find you’re locked out of those files as well.

      As I said in my original post, we should ALL be backing-up on a regular basis, just don’t depend on the back-ups to be a bullet-proof solution to ransomware.

      And as I said in my follow-up post, most of the mainstream antivirus/malware vendors are getting in the game, Eset, Kaspersky, Sophos, Trend, and Cisco, amongst many others, although the Cisco solution is aimed squarely at the Enterprise market.

      I do know people who only go online via VM’s and tell me they’ve never had any “problems,” but, the average person doesn’t have the time, inclination, or expertise to set-up a Linux Distro just so they can catch up with their kids/grand kids on Facebook! LOL!

      So, back-up on a regular basis just as the article recommends, but also have a good internet security solution in place.

      Good luck!!!

  7. Shmuel Shimshoni

    To start off – I learned a lot from the mistakes of others. The first one being Moses.
    If he would have BACKED-UP the first set of the tablets before he broke them he would have saved himself the 40 days and 40 nights of replaating the Ten Commandments all over again.
    After each session I back-up whatever I was working on to a flash drive. in addition once a week I back-up to a second internal disk that i kept after updating a previous computer, giving me four hard drive partitions.

  8. The advice to store off site is a good measure especially the way the world is going thees days where data is king. if you are entrusting a backup to a third party, there’s some extra legwork you need to consider. is that person/service trustworthy?( in the case of cloud storage, it pays to read their terms and condition CAREFULLY especially with respect to their privacy policy and file/data sharing practices). with regards to carrying a USB device with you, it might be a good idea to keep it away from strong magnetic fields as this could potentially scramble the stored data you so painstakingly backed up onto it. oh and of course, do ensure physical backup media is kept under lock and key.

  9. @Shaun

    “With regards to carrying a USB device with you, it might be a good idea to keep it away from strong magnetic fields as this could potentially scramble the stored data…”

    That depends on if the device is a thumb drive or a portable hard drive. USB thumb drives are immune to magnetic interference while portable hard drives are not. Portable hard drives use the same magnetic platter technology as the fixed drive in your PC or laptop. Thumb drives do not. The technology used in thumb drives is immune to magnets.

Comments are closed.

Exit mobile version


Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!