Backup Best Practices: Why You Should Follow the 3-2-2 Rule

JUNE 17TH, 2020

The FBI’s Internet Crime Center (IC3) received 467,361 complaints in 2019—nearly 1,300 every day according to its 2019 Internet Crime Report. The report goes on to say that losses to businesses and individual victims totaled more than $3.5 billion. The costliest attacks? Compromised business emails and spoofing resulting in ransomware locking up vital systems or personal information. Add in hardware and software failures, natural disasters, and the new risks that come with a remote workforce and it’s clear your data is in danger. All of these risks should have anyone responsible for the security of his organization’s data deeply concerned. Mitigating these risks means preparing for disaster before it strikes. 


To that end, most of us involved with IT are familiar with the 3-2-1 backup rule. It breaks down like this: keep at least 3 copies of your data, store 2 copies on different storage media, and make sure 1 of them is stored offsite. With today’s greater risks the 3-2-1 rule has evolved into the 3-2-2 rule. (It really could be called the 3-2-1+1 rule, but we’re keeping things simple). Here’s how the 3-2-2 rule breaks down:

  • Keep 3 copies of your data
  • Store 2 backup copies locally but on different devices
  • Store 2 copies offsite (1 copy in a remote location + 1 copy to the cloud)

Often, if the two devices where you store your local copies are attached and/or in the same building, they’ll both be affected if disaster should strike. That’s why it’s so important to continuously replicate data to the cloud so your files are protected and the amount of your data that’s at risk is minimized. Another reason that the 3-2-2 rule is important is that, while you may believe you’ll never get hit by a natural disaster like a hurricane, you might experience a fire, flood, theft, voltage surges, or malicious attacks from cybercriminals that puts your data at risk no matter where it is stored. Replicating your data offsite and to the cloud helps mitigate that risk. At one time planning for disaster meant devoting time and resources to setting up and testing data recovery at an offsite location. But with the cloud now offering security and data protection you don’t need to devote as much time and money because cloud services now work easily with onsite infrastructures. In today’s data threat landscape, it’s not a matter of if, but when disaster will strike an organization. Whether it’s Mother Nature unleashing a natural disaster or cybercriminals wreaking havoc on your data, no organization can afford to wait until after a problem exists to take action. Take action now by learning more about backup and disaster recovery solutions designed to fit your organization at

You May Also Like