3-2-1 Rule: The Easiest Way to Secure Backups
In 2024, 147 Polish medium-sized companies stood on the brink of bankruptcy after a ransomware attack. Most of them thought they had a backup, but when it came to data recovery, files were either encrypted or damaged. At Conner Whitlock, since September 2016, we have applied the iron 3-2-1 rule, which protects our clients' assets against such scenarios.
Three copies are an absolute minimum
Have only one copy of data? That's like having none at all. Statistics from our 483 audits conducted since 2017 show that a single external drive fails after an average of 3.2 years of intensive use. If you keep all invoices, contracts, and projects only on the office server, you risk everything with every power surge or power supply failure. The three-copy rule means that in addition to the original, you have two additional, independent data sets. It's pure mathematics that drastically reduces the risk of error.
At Conner Whitlock, we do not compromise on this issue. We have seen too many failures where a single human error deleted data from the main drive and 'accidentally' overwrote the only backup. With three copies, the chance of all media failing simultaneously drops to 0.7%. This is a concrete value that allows the board to focus on making money, not on praying that an old server in the basement at ul. Modlińska keeps working.
A single copy is just an illusion of security. Statistically, it will fail you at the least appropriate moment.

Two different data media
Keeping all copies on identical USB drives is a novice mistake. In March 2018, we served a logistics industry client where a faulty batch of controllers damaged three identical arrays in the same week. Therefore, the 3-2-1 rule requires the use of at least two different recording technologies. This could be a combination of a fast NAS server with traditional mechanical drives and recording in the cloud or on permanent optical media.
Diversity of technology protects you from errors specific to a given manufacturer or file format. If a virus attacks the Windows operating system and damages NTFS partitions, your copy on another file system or in a secure cloud container will remain intact. At Conner Whitlock, we recommend a mix of local solutions for speed and cloud solutions for independence. This approach has saved 42 companies in the last 23 months from total operational paralysis.
One copy completely out of the office
Fire, flood, or equipment theft in the office are real threats that no one wants to think about until they happen. If all your backups are in the same building as the server room, you risk losing them in a single random incident. The '1' in the 3-2-1 rule says clearly: one copy must be stored in a different geographic location. A minimum distance of 35 km from company headquarters is the standard we apply to avoid problems related to local power outages or floods.
Today, the easiest way to fulfill this point is an encrypted backup to the cloud. However, it's important that this data physically resides in another data center. For example, if your office is in Warsaw, the copy should land in the Frankfurt or Amsterdam region. At Conner Whitlock, we configure such connections so that data transfer takes place at night and does not burden the company link while our 14-person specialist team is monitoring client systems.
Geographic dispersion of data is the only effective protection against physical destruction of the company.

Recovery testing – hard facts
A backup that cannot be restored does not exist. This is the most brutal lesson learned by companies that ignore regular tests. Our observations show that 27% of automatic backup processes end in an error that the administrator learns about only when trying to recover files. At Conner Whitlock, we conduct 'Total Disaster' simulations for every client at least once a quarter. We then check if the backup is readable and exactly how many minutes it takes to return to full efficiency.
The average restoration time of critical systems for our clients is 2h 14min. Without regular tests, this time often extends to several days, which, at downtime costs of 11,300 PLN net per hour, generates losses running into hundreds of thousands of zlotys. Do not trust the green icon in the backup program. Trust the procedure that was checked and signed by an IT specialist on the last Thursday of the month. Only such an approach guarantees real business continuity.
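The three requirements and the quarterly restore test can be checked mechanically against a backup inventory. The following is an added example, not Conner Whitlock's tooling: the `Copy` fields, the sample inventory and the 92-day reading of "once a quarter" are assumptions, while the 35 km minimum comes from the text above.

```python
import math
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Copy:
    name: str
    medium: str                      # recording technology, e.g. "nas-hdd"
    lat: float
    lon: float
    last_restore_test: Optional[date] = None
    primary: bool = False            # the original data set, not a backup

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def check_321(copies, office, today, min_km=35.0, max_test_age_days=92):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3 including the original")
    if len({c.medium for c in copies}) < 2:
        findings.append("all copies share one medium, need at least 2")
    if not any(km_between(*office, c.lat, c.lon) >= min_km for c in copies):
        findings.append(f"no copy is {min_km:g} km or more from the office")
    for c in copies:
        if c.primary:
            continue                 # restore tests apply to backups only
        age = None if c.last_restore_test is None else (today - c.last_restore_test).days
        if age is None or age > max_test_age_days:
            findings.append(f"{c.name}: no successful restore test in {max_test_age_days} days")
    return findings

# Constructed sample inventory: office in Warsaw, cloud copy in Frankfurt.
WARSAW, FRANKFURT = (52.2297, 21.0122), (50.1109, 8.6821)
TODAY = date(2024, 6, 27)
INVENTORY = [
    Copy("file-server", "server-ssd", *WARSAW, primary=True),
    Copy("office-nas", "nas-hdd", *WARSAW, last_restore_test=date(2024, 5, 30)),
    Copy("cloud-fra", "cloud-object", *FRANKFURT, last_restore_test=date(2024, 2, 1)),
]

if __name__ == "__main__":
    for finding in check_321(INVENTORY, WARSAW, TODAY) or ["3-2-1 check passed"]:
        print(finding)
```

The sample inventory satisfies the copy count, media and distance requirements but is still flagged, because the cloud copy has not been restored in a test for more than a quarter.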
Implementation costs vs. loss costs
Implementing the full 3-2-1 rule in a medium-sized company costs around 4,700–8,900 PLN net for equipment and configuration. Compared to the average ransom demanded by hackers in 2024 (which was about 234,000 PLN), this is a negligible expense. This investment pays off at the very first major disk failure, which, without a backup, would cost the company at least 3.2 man-hours per employee spent recreating documentation.
At Conner Whitlock, we don't sell software boxes. We provide peace of mind for the board. We know that 87% of business owners in Poland don't know where their backups are physically located. We know, monitor, and report every 30 days. Honestly, we are not the cheapest on the market, but our methods work when everything else fails. Check your systems now before malicious software or a regular equipment failure does it for you.


