Small Business Cyber Hygiene Series: Part 5: Back Up What Matters (The 3‑2‑1 Rule)

Introduction

Every business has data it can’t afford to lose, and the same is true for individuals. Customer records, financial documents, contracts, emails, and the files you rely on every day all need protection. Yet many small businesses don’t have a reliable backup strategy, and many people don’t either. When something goes wrong, the results can be devastating.

The good news is that modern backup tools make protecting your data simple and accessible. This article covers the essentials.

Why Backups Matter

Data loss can happen in many ways:

  • Ransomware encrypts your files
  • A laptop is lost or stolen
  • A hard drive fails
  • Someone accidentally deletes a folder
  • A sync tool overwrites or corrupts files

Backups give you the ability to recover quickly — without paying ransom, losing work, or shutting down operations.

Reliable backups:

  • Reduce downtime
  • Protect against ransomware
  • Support compliance requirements
  • Provide peace of mind

This is one of the most important cyber‑hygiene habits for any small business.

What Good Backup Protection Looks Like

A small business with strong backup practices typically has:

  • Automatic backups running daily
  • Multiple copies are stored in different places
  • At least one backup is stored offline or off-site
  • A simple process for restoring files
  • Regular testing to ensure backups actually work

This is where the 3‑2‑1 rule comes in.

The 3‑2‑1 Backup Rule (Made Simple)

The 3‑2‑1 rule is the gold standard for small business backups:

3 copies of your data

  • Your working files
  • A local backup
  • A cloud or off-site backup

2 different storage types

Examples:

  • Computer + external drive
  • Server + cloud backup
  • NAS + cloud backup

1 copy stored offsite or offline

This protects you from:

  • Ransomware
  • Fire or flood
  • Theft
  • Hardware failure

If ransomware hits your computer and your external drive is plugged in, both can be encrypted. That’s why an off-site or offline copy is essential.

What You Should Be Backing Up

Not everything needs to be backed up — but the important things do.

Critical data to protect

  • Financial documents
  • Customer records
  • Contracts and legal documents
  • HR and payroll files
  • Email
  • Shared drives and project files
  • Website content
  • Configuration files for key systems

Don’t forget

  • Mobile devices (photos, notes, messages)
  • Cloud apps (Microsoft 365, Google Workspace) — these are NOT automatically backed up

Backup Tools and Options

1. Local Backups

Local backups are fast and inexpensive.

Examples:

  • External hard drives
  • Network‑attached storage (NAS)
  • Built‑in tools like File History or Time Machine

Pros:

  • Fast recovery
  • Low cost

Cons:

  • Vulnerable to theft, fire, and ransomware
  • Not enough on their own

2. Cloud Backups

Cloud backups store your data securely offsite.

Examples:

  • Backblaze
  • CrashPlan
  • Carbonite
  • OneDrive / Google Drive (when used with true backup features, not just sync)

Pros:

  • Offsite protection
  • Automatic
  • Accessible from anywhere

Cons:

  • Slower to restore large files
  • Requires internet access

3. Sync Tools vs. True Backups

Tools like OneDrive, Google Drive, Dropbox, and iCloud are sync tools, not backups.

Sync tools:

  • Mirror changes instantly
  • If you delete a file, it’s deleted everywhere
  • If ransomware encrypts files, encrypted versions sync too

True backups:

  • Keep historical versions
  • Allow full recovery
  • Protect against ransomware and accidental deletion

Most businesses need both.

Test Your Backups

A backup that hasn’t been tested is a backup you can’t trust.

Test quarterly

  • Restore a file
  • Restore a folder
  • Confirm version history works
  • Confirm cloud backups are running

This takes 5–10 minutes and prevents major surprises.

Backup Checklist

Monthly

  • Confirm backups ran successfully
  • Check cloud backup status
  • Review storage capacity

Quarterly

  • Test restoring files
  • Review what data is being backed up
  • Confirm off-site backups are current

Annually

  • Replace aging external drives
  • Review your backup strategy as your business grows
  • Update your list of critical data

Key Takeaway

Backups are your safety net. The 3‑2‑1 rule — three copies, two storage types, one offsite — protects your business from ransomware, accidents, and hardware failures. With modern tools, it’s easier than ever to build reliable, automatic backups that keep your business running.

Need Help Building a Reliable Backup Strategy?

SQ Risk helps small businesses design simple, sustainable backup plans aligned with NIST CSF and real‑world needs.

Contact SQ Risk for a consultation

Continue to the next article in the series

Small Business Cyber‑Hygiene Series

Start Here:

  1. Introduction: Why Cyber‑Hygiene Matters
  2. Know What You Have (Identify)
  3. Protect Access: Passwords, MFA, and Accounts
  4. Secure Your Devices — Updates, Antivirus, and Hardening
  5. Back Up What Matters — The 3‑2‑1 Rule (You are here)

Next Articles:
6. Defend Your Inbox — Phishing & Email Security
7. Monitor for Trouble — Detection Basics
8. Respond Effectively — What To Do When Something Goes Wrong
9. Recover Quickly — Getting Back to Normal
10. Build a Security‑First Culture
11. Bonus: Safe Use of AI for Small Businesses
12. Cyber‑Hygiene Checklist: A One‑Page Summary

©2026 SQ Risk Management Solutions LLC. All rights reserved.