If you only have one copy of something, you don’t really have it.
I have watched people lose years of photos, entire project folders, and business-critical databases because they thought “it’s on the server” meant it was safe. Drives fail. Ransomware encrypts. Someone accidentally deletes the wrong folder on a Friday afternoon. It happens, and it happens more often than most people think.
The 3-2-1 rule is the simplest backup strategy that actually works. I use it at home, I use it at work, and I have never lost data because of it.
The Rule
Three copies of your data. Two different types of storage. One copy offsite.
That’s it. If you follow this, you can survive any single point of failure: a dead drive, a fire, a ransomware infection, or even your own mistakes.
What Each Part Means
Three copies
Your original data plus two backups. If one backup fails or is corrupted, you still have another. This protects against hardware failure and accidental deletion at the same time.
Two different media types
Don’t put all copies on the same kind of storage. If your data lives on spinning drives, put a backup on an SSD or optical media. If it’s on a NAS, put a copy on an external USB drive. Different media types fail for different reasons at different times. Keeping both on the same RAID array does not count as two.
One copy offsite
At least one backup needs to be physically somewhere else. If your house floods, your server and your external drive sitting next to it are both gone. Offsite can mean a cloud backup service, a drive at a friend’s house, or a safety deposit box. The point is physical separation.
How I Do It
At home (HomeLab):
- Primary data lives on a RAID 5 array (that’s copy one)
- Nightly automated backup to a separate internal drive (copy two)
- Weekly encrypted backup pushed to cloud storage (copy three, offsite)
For projects (QuietKeep, QuietLedger):
- Working copy on my development machine
- Pushed to GitHub after every meaningful change
- Local backup on a separate drive that runs nightly
At work:
- Production data on redundant storage
- Daily backups to a secondary location on the network
- Weekly tape or cloud rotation for offsite
Common Mistakes
- RAID is not a backup. RAID protects against a single drive failure. It does not protect against accidental deletion, ransomware, or the array controller dying. RAID is uptime, not backup.
- Syncing is not backing up. If you delete a file and it syncs, it’s deleted everywhere. Backups need to be versioned or point-in-time.
- “I’ll do it later” is how data loss happens. Automate your backups. If it requires you to remember, it will not get done consistently.
- Untested backups are not backups. Restore from your backup at least once. If you’ve never tested a restore, you don’t know if it works.
Tools That Work
- rsync Free, scriptable, works on any Linux system. Great for local and remote copies.
- Duplicati Open source, encrypted, supports cloud targets. Good for offsite.
- Proxmox Backup Server If you’re running VMs, this handles incremental backups with deduplication.
- Veeam Community Edition Free for up to 10 workloads. Solid for mixed environments.
- BorgBackup Deduplication and encryption built in. Fast incremental backups.
What You Should Do Right Now
- Count how many copies of your important data exist right now.
- Check if they’re on different media types.
- Verify at least one copy is physically somewhere else.
- If any of those three checks fail, fix it today.
- Automate whatever you set up so it runs without you thinking about it.
You do not need expensive software or enterprise hardware. A cron job running rsync to an external drive gets you started. Add a cloud target later for offsite. The important part is starting.