3-2-1 Backup Strategy 2026: Complete Guide (Rule, Tools, Step-by-Step Setup)

The 3-2-1 backup rule explained for 2026: history, principle, modern variants 3-2-1-1-0 and 4-3-2, recommended tools (EaseUS, Backblaze, BorgBackup), personal/SMB/photographer setups, restore testing. Field guide with 5 years of real-world experience.

By Eric Gerard · Publisher · Save My Disk · 14 min read

In 2018, I lost four years of PhD research in a single night. One external drive, one mechanical failure, no second copy. The clean-room recovery cost $1,400 and salvaged only 60% of the files — the missing 40% were exactly the most recent chapters, never printed. In 2022, LockBit ransomware hit the family computer: 15 years of photos, birth videos, tax archives. My wife was in tears. Since then, I apply the 3-2-1 rule with military discipline — encrypted Borg on a NAS, continuous Backblaze cloud backup, external drive rotated offsite every quarter. Those two incidents are what this guide is for.

What Is the 3-2-1 Backup Rule?

The 3-2-1 rule was formalized in 2009 by Peter Krogh, an American professional photographer and author of The DAM Book: Digital Asset Management for Photographers. Krogh was looking for a simple mnemonic for photographers losing thousands of shots due to broken backup workflows. He distilled decades of IT best practices into three numbers.

3 copies of your data. The original counts, plus two independent backup copies. The statistical reasoning: the probability of three independent storage devices failing simultaneously is negligible. An HDD has an annual failure rate (AFR) of 1.5 to 2.5% according to Backblaze 2024 data across 300,000 drives. Two independent drives have a simultaneous failure probability of 0.02 to 0.06%. Three independent drives: under 0.001%. That's sufficient for practical protection.

2 different media types. Two drives of the same brand, model, and manufacturing batch have correlated failure probability — a manufacturing defect or power surge hits them all simultaneously. Two different media types — an external HDD and a cloud service, or a local disk and a NAS — eliminate this correlation. Technological diversity is the principle.

1 offsite copy. This is the most neglected and most critical number. A flood, a fire, a hardware theft: if all your copies are in the same room, they disappear together. The offsite copy can be physical (a drive at a parent's house, a secondary office) or logical (cloud). Cloud storage has democratized access to this offsite copy, once reserved for enterprises with large budgets.

The 3-2-1 rule wasn't invented by Peter Krogh: the underlying principles have existed in enterprise IT since the 1970s with magnetic tape. What Krogh contributed was a pedagogical formulation that makes it memorable for anyone in thirty seconds.

Why the 3-2-1 Rule Works Against Every Risk

The power of the 3-2-1 rule is that each number protects against a distinct risk. Understanding this logic means understanding why you can't remove any one of them without creating a blind spot.

Hardware failure: the 3 is enough. A desktop or laptop HDD has an AFR of 1.5 to 4% according to Backblaze 2024 data. An SSD has a lower AFR (0.5 to 1%) but different failure modes (silent corruption, firmware issues, wear leveling). With a single copy, every drive failure is a catastrophe. With two copies on different media, the probability of loss drops by a factor of 100. With three independent copies, protection against simple hardware failure is essentially total.

Ransomware: the 1 offline copy is critical. Modern ransomware (LockBit, BlackCat, Cl0p) deliberately targets backups. It scans the local network, encrypts NAS shares, connected USB drives, and Windows Volume Shadow Copies. A permanently connected backup is no longer a ransomware backup — it's just an encrypted copy waiting to happen. An offsite cloud copy with versioning (Backblaze, Wasabi, B2) or a physically disconnected drive are the only effective defenses. My encrypted Borg drive — which I always disconnect after every run — survived the 2022 LockBit incident untouched.

Fire and flood: the 1 physical offsite copy is irreplaceable. A residential fire destroys an average of 85% of room contents within the first 15 minutes. A flooded apartment shorts out electronics within hours. Neither the NAS in the living room, nor the drives in the desk drawer, nor the laptop on the table survive. Only a copy in a separate location — cloud, a relative's home, a bank safe deposit box for highly critical data — guarantees continuity.

Accidental deletion: versioning saves you. The 3-2-1 rule doesn't explicitly mandate versioning, but modern implementations include it. If you accidentally overwrite a file and your cloud backup syncs the overwritten version, all your copies are corrupted simultaneously — exactly the failure mode of sync services like Dropbox or Google Drive without versioning enabled. Backblaze Computer Backup retains versions for 30 days (1 year with Extended Version History). BorgBackup retains as many snapshots as your storage allows. This versioning turns backup into a time machine.

Modern Evolutions: 3-2-1-1-0, 4-3-2, and Hybrid Cloud

The 2009 3-2-1 rule has evolved to address modern threats. Three variants are now established.

The 3-2-1-1-0 rule (Veeam, 2012). Veeam Software, an enterprise backup solutions vendor, formalized two critical additions. The extra 1: keep at least one offline or air-gapped copy — a physically disconnected drive or an offline LTO tape. This number neutralizes network ransomware that cannot encrypt what it cannot see. The 0: zero errors verified on the last restore test. This is the most practically important addition, because an untested backup is one whose functionality is unknown. Industry studies cited by Veeam indicate that 58% of restores fail during a real incident when they've never been tested under real conditions.

The 4-3-2 rule (professional photographers and creative studios). For professionals whose data represents their business capital — photographers with 50 MB RAW files per shot, video studios with 4K rushes, architects with 10 GB BIM files — the 4-3-2 adds an extra layer: 4 copies, 3 media, 2 offsite. The second offsite is typically a secondary cloud (Backblaze B2 + Amazon S3 Glacier) or a drive in a bank safe for the most precious captures. A wedding photographer with 500 GB of irreplaceable RAW files has an economic obligation toward 4-3-2.

The hybrid local + cloud approach (2026 standard). For 95% of home users and SMBs, the practical 2026 approach combines: a local NAS (Synology, QNAP) with RAID for hardware redundancy + backup software with scheduling (EaseUS Todo Backup, Acronis) for local snapshots + Backblaze or Wasabi for cloud offsite backup. This combination covers all risks at a reasonable cost (under $30/month for a 5-workstation SMB with 2 TB of data).

| Tool | Platform | Price 2026 | Encryption | Deduplication | Automation | Best for |
|---|---|---|---|---|---|---|
| EaseUS Todo Backup | Windows | $29.95/year (Home) | AES-256 | No | Yes (scheduler) | Home/SMB Windows |
| Acronis True Image | Win + Mac | $49.99/year | AES-256 | No | Yes | Full system image |
| BorgBackup | Linux/Mac | Free (GPL) | AES-256 + HMAC | Yes (block) | Via cron | Homelab, Linux server |
| Restic | Win/Lin/Mac | Free (BSD) | AES-256 | Yes (content) | Via cron/task | Multi-cloud, cross-platform |
| rsync | Linux/Mac | Free (GPL) | Not native (via SSH) | No | Via cron | Simple network copy |
| Backblaze Computer | Win + Mac | $9/month | AES-256 | Yes (cloud-side) | Continuous automatic | Home user, unlimited offsite |
| Backblaze B2 | API/S3 | $6/TB/month | AES-256 | Via client | Via client | SMB, object storage |
| Wasabi | API/S3 | $6.99/TB/month | AES-256 | Via client | Via client | B2 alternative, no egress fees |

EaseUS Todo Backup is the best choice for non-technical Windows users. It creates full system images (restorable on different hardware via Universal Restore), supports incremental and differential backup, and automatically schedules daily jobs. The Home edition at $29.95/year covers one PC. The Workstation edition ($59.95/year) adds dissimilar hardware restore. Prices verified on easeus.com in June 2026.

BorgBackup excels for Linux environments and photographers with large volumes. Borg's block-level deduplication is particularly effective on similar files (RAW exports from the same session, databases with few changes). A 500 GB RAW repository in Borg typically occupies 300 to 380 GB depending on inter-session duplicates. Native ChaCha20-Poly1305 or AES-CTR encryption is available from initialization.

Restic is superior to Borg for multi-cloud and Windows needs. It natively supports Backblaze B2, Amazon S3, Google Cloud Storage, Azure Blob, SFTP, and local repos — no third-party plugins. The restic backup command is identical regardless of backend.

Backblaze Computer Backup remains the simplest and cheapest offsite choice for home users: install the client, forget it, know that $9/month covers unlimited volume. Key limitations: 1 computer per license, slow network restoration for very large volumes, no backup of network directories (local drives only).


3-2-1 Setup Step by Step: 3 Concrete Scenarios

Scenario 1 — Home User (budget ~$220/year)

Goal: protect photos, documents, emails, Windows profile against failure, ransomware, fire.

Hardware: 4 TB USB 3.0 external HDD (~$90, WD Elements or Seagate Expansion) + Backblaze Computer Backup ($9/month) + EaseUS Todo Backup Home ($29.95/year).

Configuration:

  1. Connect the external drive. In EaseUS Todo Backup, create a "System Image" job — target: external drive. Schedule: weekly (Sunday 3 AM). Incremental mode with 4-week retention.
  2. Install Backblaze Computer Backup. On first launch, select folders: Documents, Photos, Desktop, project folders. Let the upload run in the background (allow 2 to 5 days for 100 GB depending on upload speed).
  3. Configure automatic drive ejection after each EaseUS job (enable "Eject after backup" in job settings). A disconnected drive cannot be encrypted by ransomware.
  4. Monthly check: open Backblaze, verify last snapshot date. In EaseUS, check the last job report (status "Success"). Restore a test file from each medium.

Result: 3 copies (Windows original + EaseUS image + Backblaze cloud), 2 media (local HDD + cloud), 1 offsite (Backblaze). 3-2-1 rule achieved for approximately $220 the first year.

Scenario 2 — 5-Workstation SMB (budget $150-250/month)

Goal: GDPR compliance, business continuity, protection against SMB-targeted ransomware.

Infrastructure: Synology DS423+ NAS with 4 × Seagate IronWolf 4 TB in RAID 6 (tolerates 2 simultaneous drive failures) + EaseUS Todo Backup Business (network license) + encrypted Backblaze B2 bucket.

Configuration:

  1. On each workstation, configure EaseUS Todo Backup Business with a daily differential job to the NAS (project folders and user profiles). Schedule at 11 PM, outside working hours.
  2. On the Synology NAS, enable Cloud Sync to Backblaze B2 (native Synology app). Configure sync of the backup destination only — not the entire NAS mirror, too expensive. Client-side encryption with the company's own key before upload.
  3. Configure a Synology Hyper Backup task to a rotating external drive (3 physical drives labeled A/B/C, weekly rotation, one drive always kept offsite). This is the air-gapped copy of the 3-2-1-1-0 rule.
  4. Test a full workstation restore (from the NAS image) once per quarter. Document actual restore time (real RTO vs target RTO).

Result: 3-2-1-1-0 implemented. Daily incremental local copies + RAID NAS + encrypted B2 cloud + air-gapped offsite drive. GDPR Article 32 compliance (appropriate technical measures).

Scenario 3 — Professional Photographer (budget $80-120/month)

Goal: protect irreplaceable RAW files (typically 50 to 200 GB per wedding or shoot), 4-3-2 rule recommended.

Field workflow: after each shoot, immediately copy SD cards to the laptop AND to a portable SSD (Samsung T7 Shield or SanDisk Extreme Pro). Never erase SD cards until both copies are verified.

Studio infrastructure: Synology DS923+ NAS with 4 × WD Red Plus 8 TB in RAID 5 + BorgBackup on the NAS for deduplicated snapshots to a second remote NAS (office or trusted family with decent connection) + Backblaze B2 for cold archiving of delivered shoots.

Frequency:

  • Immediate (field): SD card → laptop + portable SSD
  • Daily (studio): laptop → NAS RAID via BorgBackup (block dedup, 500 GB RAW typically compressed to 320 GB in Borg repository)
  • Monthly: NAS → Backblaze B2 Glacier (cold archive, $2/TB/month for rare retrieval)
  • Annual: export most precious projects to LTO-8 tape if volume > 10 TB

Result: 4-3-2 achieved. SD card (1) + laptop (2) + studio NAS RAID (3) + remote NAS (4). Media: flash/SD, portable SSD, NAS HDD, cloud. Two offsite copies: remote NAS + B2.

Testing and Verification: The Step 90% of People Skip

An untested backup is not a backup. It's a copy you hope will work when needed. That distinction isn't rhetorical: according to a Veeam study across 3,000 companies, 58% of restores fail during a real incident when backups were never tested. The most frequent causes: silently corrupted backup file, undetected physical media degradation, software or version change incompatible with the old format.

Minimum monthly test. Restore a random file from each backup medium and verify it opens correctly. With EaseUS Todo Backup, use the "Browse backup" function to access files without a full restore. With Backblaze, download a file via the web interface. With BorgBackup: borg extract --dry-run ::archive-name path/to/file to verify without physical restoration.

Annual full restore test. Once a year, restore a complete image to a test machine or VM. For an SMB, this validates the real RTO — how many hours are actually needed to return a workstation to operational state. On Windows with EaseUS Todo Backup, a 256 GB workstation restores in 45 to 90 minutes from a local NAS over gigabit Ethernet.

Automated monitoring. Professional tools send email alerts on job failure. Configure these alerts in EaseUS Todo Backup (Notification Center → Email SMTP) or in Backblaze (Dashboard → Notifications). For BorgBackup, the borgmatic wrapper script adds monitoring and alerts via services like Healthchecks.io — an HTTP ping is sent after each successful run, and an alert fires if no ping arrives within the expected window.

Archive integrity verification. Magnetic tapes degrade, HDDs accumulate bad sectors, .zip or .tar files can silently corrupt. BorgBackup has borg check --verify-data which reads and verifies every repository chunk. Restic has restic check --read-data for the same purpose. EaseUS Todo Backup includes a "Verify backup" option in each job's properties — enable it systematically.
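
The monthly restore test described above, automated as an added example (not code from this site or from any of the tools named). It hashes a random sample of live files against a tree you have already restored into a scratch directory, for instance with borg extract or a Backblaze download. The function names and the snapshot_time parameter are assumptions of this example, and the sample data is constructed.

```python
import hashlib, os, random, shutil, tempfile
from pathlib import Path

def sha256_file(path, bufsize=1 << 20):
    """Stream the file so multi-GB RAW or video files never sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(bufsize), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_restore(source, restored, snapshot_time, sample_size=25, seed=None):
    """Hash a random sample of source files against the restored tree.
    Files modified after snapshot_time (epoch seconds) are skipped: they
    legitimately differ from the backup and would only be false alarms."""
    source, restored = Path(source), Path(restored)
    report = {"checked": 0, "missing": [], "mismatch": [], "skipped": []}
    candidates = []
    for path in sorted(source.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(source)
        if path.stat().st_mtime > snapshot_time:
            report["skipped"].append(str(rel))
        else:
            candidates.append(rel)
    picks = random.Random(seed).sample(candidates, min(sample_size, len(candidates)))
    for rel in picks:
        report["checked"] += 1
        target = restored / rel
        if not target.is_file():
            report["missing"].append(str(rel))
        elif sha256_file(source / rel) != sha256_file(target):
            report["mismatch"].append(str(rel))
    return report

def zero_errors(report):
    """The '0' in 3-2-1-1-0: something was checked and nothing was wrong."""
    return report["checked"] > 0 and not report["missing"] and not report["mismatch"]

def demo():
    """Constructed sample data: a small tree 'restored' with two defects."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        (src / "photos").mkdir(parents=True)
        for name in ("photos/a.raw", "photos/b.raw", "taxes.pdf", "thesis.tex"):
            (src / name).write_bytes(os.urandom(4096))
        shutil.copytree(src, dst)
        snap = max(p.stat().st_mtime for p in src.rglob("*")) + 1
        os.utime(src / "thesis.tex", (snap + 60, snap + 60))  # edited after backup
        blob = bytearray((dst / "taxes.pdf").read_bytes())
        blob[100] ^= 0x01  # silent corruption: same size, one flipped bit
        (dst / "taxes.pdf").write_bytes(bytes(blob))
        (dst / "photos" / "b.raw").unlink()  # file absent from the restore
        return verify_restore(src, dst, snap, sample_size=10, seed=1)
```

An empty sample counts as a failure rather than a pass, so a test that silently checked nothing cannot be logged as "zero errors".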

Critical Mistakes to Avoid

Mistake 1: the untested backup. Detailed above, this is statistically the most costly error. Even a 5-minute monthly check catches 80% of problems before they become catastrophic.

Mistake 2: permanently connected backup. A USB external drive plugged in 24/7 is encrypted in 3 to 8 minutes by modern ransomware like LockBit 3.0 or BlackCat. If that's your only backup copy, you've lost. The solution: disconnect after each job (manual or automatic via EaseUS "Eject after backup"), or use a cloud service with immutable versioning. Backblaze B2 or AWS S3 Object Lock prevents any deletion or modification of a version, even by the bucket owner, for the configured duration.

Mistake 3: RAID is not a backup. RAID 1 (mirror) duplicates data in real time. If you accidentally delete a folder, the deletion propagates instantly to both mirror drives. If ransomware encrypts your RAID volume, both drives are encrypted simultaneously. RAID protects against the hardware failure of one drive — useful, even recommended for a NAS. But it is not a backup. It's an availability layer.

Mistake 4: snapshot is not a backup. LVM, ZFS, or Synology Snapshot Manager snapshots are point-in-time filesystem states stored on the same volume — often on the same drive. A snapshot protects against recent accidental deletion if the drive still works. If the drive fails or the NAS is stolen, snapshots disappear with the drive. Snapshots complement a 3-2-1 strategy; they don't replace it.

Mistake 5: neglecting backup encryption. An unencrypted cloud backup or a lost/stolen external drive exposes all your personal and professional data. BorgBackup and Restic encrypt by default on initialization. EaseUS Todo Backup offers AES-256 encryption in each job's options. Backblaze encrypts server-side by default, with a personal private key option for those who don't want to trust the service.

Mistake 6: backup without a documented restore plan. In a crisis situation (ransomware at 2 AM, NAS failure the day before a client delivery), nobody searches for documentation. The restore procedure must be written, printed or stored in an offline location (local password manager, bank safe deposit box), and tested. Two pages are enough: how to boot in rescue mode, where the restore drive is, which software, in what order.
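
Mistakes 3 and 4 expressed as an audit, as an added example that is not part of the original guide. It scores a copy inventory against 3-2-1, 3-2-1-1-0 and 4-3-2, counting everything in one failure domain (a RAID mirror, a same-volume snapshot) as a single copy. The Copy fields, the audit function and both inventories are constructed for illustration, and reading the "0" as "every backup copy restore-tested with zero errors" is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Copy:
    name: str
    failure_domain: str   # device or service that fails, or is encrypted, as one unit
    medium: str           # e.g. "internal-disk", "usb-hdd", "nas-hdd", "cloud"
    offsite: bool = False
    offline: bool = False                 # disconnected or immutable between runs
    restore_errors: Optional[int] = None  # None = never restore-tested

def audit(copies):
    """Score an inventory (original listed first) against the three rules."""
    # RAID mirrors and same-volume snapshots live in the failure domain they
    # protect, so each domain contributes exactly one independent copy.
    by_domain = {}
    for c in copies:
        by_domain.setdefault(c.failure_domain, c)
    independent = list(by_domain.values())
    backups = independent[1:]
    n = len(independent)
    media = len({c.medium for c in independent})
    offsite = sum(c.offsite for c in independent)
    offline = sum(c.offline for c in backups)
    clean = bool(backups) and all(c.restore_errors == 0 for c in backups)
    base = n >= 3 and media >= 2 and offsite >= 1
    return {
        "independent_copies": n,
        "3-2-1": base,
        "3-2-1-1-0": base and offline >= 1 and clean,
        "4-3-2": n >= 4 and media >= 3 and offsite >= 2,
    }

# Constructed inventories. SCENARIO_1 mirrors the home-user setup in this guide.
SCENARIO_1 = [
    Copy("Windows original", "pc-internal", "internal-disk"),
    Copy("EaseUS image", "usb-drive", "usb-hdd", offline=True, restore_errors=0),
    Copy("Backblaze", "backblaze", "cloud", offsite=True, restore_errors=0),
]
RAID_AND_SNAPSHOTS = [
    Copy("NAS volume", "nas", "nas-hdd"),
    Copy("RAID 1 mirror", "nas", "nas-hdd"),
    Copy("Snapshot", "nas", "nas-hdd"),
]
```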


For more on recovery when backup fails, see our complete hard drive data recovery guide 2026 and our data recovery cost comparison. For open-source recovery tools, our TestDisk vs PhotoRec guide covers both tools in depth. If you need to configure automated backup on Windows or Mac, read our Windows and Mac automatic backup guide 2026. To choose the best recovery software, our 2026 comparison tests 8 tools across 200 real scenarios.
