Skip to Main Content

3-2-1 Secure! 

Healthy planning for the future is, in many ways, one of the hardest things we do in our personal lives. It’s really no different in our businesses.

But Cybersecurity Awareness Month is a great time to step back and look at the preventative measures you may, or may not, have implemented for your business.

Keeping your information and the information of those you may serve is obviously paramount, but what happens when that information is already compromised? Too often, a bulk of security resources are invested in keeping the bad guys out. Not enough thought is given to what happens when the bad guys are already in.

Let me discuss the most effective way to increase your post-incident security posture.

Backing up your data is crucial not only in face of threat actors, but also given the likelihood of natural disasters, power-outages, or even human error. The 3-2-1 method of backing up data is hailed by cybersecurity professionals from around the globe.

The National Cyber Security Center says, “The most common method for creating resilient data backups is to follow the 3-2-1 rule,” and NIST (The National Institute of Standards and Technology) agrees, saying, “To increase the chances of recovering lost or corrupted data, follow the 3-2-1 rule.”

The 3-2-1 rule has a simple structure:

  • Keep at least three copies of any critical file
  • Store the critical files on two different types of backup media
  • Have one copy completely off site

Simple, right? In thought yes but implementing this method at scale requires careful planning. This means that each critical file deserves one primary copy and two backup copies. Not only that, but two of the three copies should be different types of media.

Using the example of a single critical file, one copy is stored on a computer. The second copy could be stored in a secure cloud-based form within Secret Server. The final copy could be stored on classic, reliable, and cheap tape drive format. Finally, that tape drive could be driven off site and locked away safely.

However laborious this process may seem; it is well worth it to have assurance that your data is recoverable within the tumultuous cyber landscape we face today. Nobody wants to negotiate with ransomware groups or sweat over that flood near the server room.

Implementing 3-2-1 backup methodology for your business could prevent those scenarios from keeping you awake at night. Just contact us for a free consultation with our security team.

About the author

Andrew Kinsel is a Cybersecurity Analyst with the LRS IT Solutions Security Team.