Secure Config | High priority

Apply the 3-2-1 backup rule

Keep 3 copies of important data, stored on 2 different types of media, with 1 copy held offsite or in the cloud. This approach protects against ransomware, hardware failure, fire, and theft simultaneously.

Why this matters

Ransomware attacks succeed most often because the victim had only one backup — and ransomware encrypted that too. The 3-2-1 rule ensures that no single incident — fire, theft, ransomware, or hardware failure — can destroy all of your data. Once set up, it runs automatically with minimal ongoing effort.

How to do it

  1. Identify your three copies: your primary data (on your computer), a local backup (external hard drive), and an offsite backup (cloud storage service).
  2. Set up automatic cloud backup using iCloud, Google One, OneDrive, or a dedicated service like Backblaze (£7/month for unlimited storage).
  3. Purchase an external hard drive and connect it at least monthly for a local backup using Time Machine (Mac) or Windows Backup.
  4. Ensure both cloud and local backups are running on schedules — check both within the next week to confirm they are up to date.
  5. Test restoration from each of the three sources by recovering a single file — recovery is the only thing that actually matters.
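A restore test from step 5 can be checked mechanically by hashing each original file against its restored copy. The script below is an added example, not part of the original page; the folder and file names are constructed sample data, and it generalises the single-file test to a whole folder.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def compare_restore(primary_dir, restored_dir):
    """Return {relative_path: "ok" | "missing" | "differs"} for every primary file."""
    primary, restored = Path(primary_dir), Path(restored_dir)
    results = {}
    for src in sorted(p for p in primary.rglob("*") if p.is_file()):
        rel = src.relative_to(primary)
        dst = restored / rel
        if not dst.is_file():
            status = "missing"    # never backed up, or the restore skipped it
        elif sha256_of(src) == sha256_of(dst):
            status = "ok"         # byte-identical to the primary copy
        else:
            status = "differs"    # stale backup or damaged copy
        results[rel.as_posix()] = status
    return results

def restore_passed(results):
    """A restore test passes only if files were checked and all matched."""
    return bool(results) and all(s == "ok" for s in results.values())

def demo():
    """Constructed sample: one good file, one stale file, one never backed up."""
    with tempfile.TemporaryDirectory() as tmp:
        primary, restored = Path(tmp, "primary"), Path(tmp, "restored")
        (primary / "photos").mkdir(parents=True)
        (restored / "photos").mkdir(parents=True)
        (primary / "photos" / "a.jpg").write_bytes(b"constructed image bytes")
        (restored / "photos" / "a.jpg").write_bytes(b"constructed image bytes")
        (primary / "accounts.xlsx").write_bytes(b"edited this week")
        (restored / "accounts.xlsx").write_bytes(b"last month's version")
        (primary / "notes.txt").write_bytes(b"created after the last backup")
        return compare_restore(primary, restored)

if __name__ == "__main__":
    report = demo()
    for path, status in report.items():
        print(f"{status:8} {path}")
    print("restore test passed:", restore_passed(report))
```

To use it on real data, restore a folder from one backup source into an empty directory and call `compare_restore` with the original folder and that directory; repeat for each backup source.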

Cyber Essentials framework

This task falls under the Secure Config control, one of five areas assessed in the UK's Cyber Essentials scheme. Completing it counts toward your Cyber Essentials alignment.
