Thought Leadership

Does the ‘3-2-1 Rule’ Protect Your Data Against Ransomware?

(September 2020) The “3-2-1 Rule” provides a simple but effective strategy for protecting data against loss or corruption:

·         Maintain at least three copies of your data, including the primary data source and two backups. Maintaining multiple copies decreases the risk of catastrophic data loss.

·         Store the copies on at least two different media. Maintaining the primary and backup copies on different storage platforms decreases the risk that all will be lost should one fail.

·         Keep at least one backup copy offsite. If there is a site disaster such as a fire or flood, or malware that infects all onsite systems, the offsite copy will not be impacted.

However, the 3-2-1 Rule omits an important additional requirement in the age of malware and ransomware.


The problem is that the 3-2-1 Rule as written is not always implemented properly and can leave organizations at risk to a ransomware attack. The offsite copy needs to be offline or immutable to protect against malware that compromises backups as well as production data.

The benefit of storing one backup copy offsite is to maintain physical separation from the production IT environment. Back in the days when backups were written to tape, organizations simply transported the tape media to an offsite location.  These tape backups were considered “offline” and not immediately accessible from the network.

Increasingly, however, organizations have moved away from tape backup in favor of disk-based backup storage or cloud solutions. If your backup target is always online it is likely vulnerable to ransomware, even if it is physically located in a different facility or the cloud.

Fortunately, backup vendors are slowly implementing enhanced security and immutability features into their products to mitigate the risks posed by ransomware. However, options are still limited, and implementation can be complex depending on the solution.

Protecting Your Backups in the Age of Ransomware

Data backup security is easily overlooked. Most vendor solutions offer “good enough” security under the guise of eliminating complexity while ensuring ease-of-use. In addition to the 3-2-1 Rule and immutability, there are some basic steps to consider for better protecting your backups from compromise:

·         Restrict physical and network access to your backup hardware and software. Utilize unique credentials with strong passwords to minimize the risk of compromise.

·         Harden the operating system of your backup server. Most vendors publish best-practices documents covering recommended hardware and software configuration to prevent unauthorized access or threats from malware/ransomware.

·         Keep your backup infrastructure up to date. Install operating system updates and vendor software updates regularly to take advantage of new features and security enhancements.

Maintaining a backup environment that secures your data, provides quick recovery, and ensures immutability can be complex. Contact Mainstream Technologies for help designing, implementing, hardening, and managing your backup infrastructure or to learn more about GetITBack, Mainstream’s 3-2-1-compliant backup solution for your business.


Since 1996, Mainstream Technologies ( has established itself as one of the most respected technology companies in Arkansas. Our team of experienced technology professionals deliver a full range of technology services, including IT management and consulting custom software development, cybersecurity, and data center services. With headquarters and data center facilities in Little Rock, and sales offices in Conway and Bentonville, Mainstream serves public-and private-sector customers across the United States.

Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile

Contact Us

  • Industry

  • Category

  • Regulation

  • Solution