How to Build a “3-2-1” Backup Strategy

The threat of a natural disaster, theft, or especially a cyber-attack impacting the information assets and technology within accounting firms has never been as high as it is now, making backups and disaster recovery a priority. Learn how to create your plan, here.

minute read

Last Updated July 5, 2023

Category Cloud hosting


Updating Your Backup Strategy

You’re sipping your morning coffee as you turn on your computer for the day, and rather than seeing your familiar background, you have a bright red notice: “Your files are encrypted and can only be unlocked if you pay a ransom.” After the initial panic subsides, you begin to think rationally: “No problem, I can just restore all my files from my backups.”

Think right now: How sure are you that your data backups are current, complete, and that you can recover from this scenario (or, for that matter, a fire, theft, or accidental overwriting of critical files)? Compound that with the hasty move to remote computing created by COVID-19. Think about whether current copies of all the work being done remotely are also being properly backed up by your existing system.

Chances are they are not, making it a good time to review your data backup strategy and consider taking advantage of current automated solutions. Today’s products not only allow you to restore individual files and previous versions of your entire network but can also back up remote user data and even fire up virtual servers in the cloud to be an integral component of your firm’s business continuity/disaster recovery plan.

Out with the Old

If you are still relying on physical media—such as a solo network-attached storage (NAS) drive, flash drives, DVDs, or even actual tapes—your firm is at risk. These backup types most often require the constant physical intervention of creating and verifying the backups and taking them offsite to a secure location. We often find in consulting with firms that there is seldom consistent follow-through on manual backup procedures, particularly when the person primarily responsible for doing so goes on vacation or there is a staffing change. Modern backup solutions are automatic, verify completeness of the process, and notify firm members if there is a problem or anomaly that requires attention.

Starting with Backup Basics

When evaluating solutions, it’s important to build around the basics. Even when utilizing cloud providers, the basic 3-2-1 rules still apply.

3—You should have a minimum of three different copies of data (your original production data and two backup copies) in addition to any archival copies you plan to keep.

2—Your copies of data should be stored on at least two different types of media (i.e., NAS, cloud).

1—You should have at least one copy kept offsite (i.e., secure location, cloud). Best practices also recommend that at least one backup is air-gapped (backup is physically or virtually disconnected from the network) and immutable (backup is in a state where it can’t be changed in any way). These are features available with modern backup solutions that are designed to counteract a ransomware attack.

Onsite Accessible Images

If your firm maintains servers/data locally, you will want to ensure that any changes are backed up throughout the day. This can be accomplished with on-premises storage devices that automatically create shadow copies every 1-2 hours. The benefits of having the second copy onsite are that files can be easily accessed and restored when needed, including previous versions, and that they run quickly. These features and many more are more effectively managed by modern backup applications on NAS or vendor-configured storage devices. However, these on-premises solutions don’t protect the firm in the event of a local disaster or theft, which is why an offsite third copy is needed, and why firms should evaluate today’s integrated cloud solutions.

Backups to the Cloud

Physically moving backup media offsite is fraught with problems, including user follow-through, accessibility, and security. This is why firms should evaluate solutions that automatically backup data offsite via an encrypted fashion. While backing up all files via the internet can take a significant amount of time, modern solutions allow for intermediate backups to be incorporated during the week, with full weekly backups being conducted on weekends to minimize the impact during working hours. Intermediate backups during the week would include differentials, which are backups of all files that have changed since the last full backup, making each daily file larger.

However, these are quick to restore, as only the full backup and latest differential backup would need to be restored. Intermediate backups can also be incremental. Incrementals are backups of all files that have changed since the last backup was made. This means that the full backup and each daily incremental file up to the point of loss would have to be restored, taking more time. Modern solutions integrate these different intermediate solutions to more efficiently restore both individual and full system files. The latest solutions also have the ability to restore the data to a virtual environment where the firm can run the applications remotely, similar to how cloud applications and hosting providers function.

What is the cloud, anyway? Download The Cloud: What, Why and How for a quick course on how cloud technology helps protect data.

Cloud Application Impact on Firm Backups

With more and more applications transitioning to the cloud (think Microsoft 365) or being hosted by cloud vendors that incorporate a comprehensive backup strategy, the internal requirements to back up may be reduced but still should be verified within the service level agreements of those providers. If the provider cannot meet the 3-2-1 backup rules, firms should take advantage of evolved recovery solutions and consider additional solutions to ensure their client data is adequately backed up. Again, there are modern solutions that allow for faster, more comprehensive backups and live recovery, and firms should evaluate these solutions against the capabilities of their existing systems.


The threat of a natural disaster, theft, or especially a cyber-attack impacting the information assets and technology within accounting firms has never been as high as it is now, making backups and disaster recovery a priority. Firms should review the capabilities of their current backup processes and compare them to those that are specifically designed to counter current cyber and ransomware threats.

A version of this content originally appeared in the Thomson Reuters Accounting and Auditing Newsletter. 

Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.