The Original 3-2-1 Rule
For decades, the 3-2-1 backup rule has been the gold standard for data protection. The principle is simple: maintain 3 copies of your data, stored on 2 different types of media, with 1 copy stored offsite. It was a sound strategy when the primary threats were hardware failure, natural disaster, and accidental deletion.
But the threat landscape has fundamentally changed. Ransomware does not just encrypt your primary data — modern variants actively hunt for and destroy backups. Attackers spend days or weeks inside your network before detonating ransomware, specifically targeting backup systems and cloud sync connections. The 3-2-1 rule, while still a solid foundation, is no longer sufficient on its own to protect Australian businesses against today’s threats.
Enter 3-2-1-1-0
The 3-2-1-1-0 backup rule extends the original framework with two critical additions designed to address modern ransomware and sophisticated cyber attacks.
3 copies of your data. Your production data plus at least two backup copies. If any single copy fails or is compromised, you still have redundancy.
2 different storage media types. For example, local disk-based backup plus cloud storage. Different media types protect against technology-specific failures and vulnerabilities.
1 copy offsite. A backup stored at a different physical location protects against site-level disasters — fire, flood, theft, or physical damage to your office.
1 copy offline or immutable. This is the critical addition for ransomware defence. An offline backup (air-gapped, disconnected from the network) or an immutable backup (stored in a way that prevents modification or deletion for a set retention period) cannot be reached by ransomware that has compromised your network. This is your insurance policy — the copy that survives even when everything else has been encrypted.
0 errors. Your backups must be verified. Automated backup verification and regular test restores ensure that when you need to recover, your backups actually contain complete, uncorrupted, usable data. A backup that has not been tested is not a backup — it is a hope.
TechAssist’s backup and disaster recovery services include 3-2-1-1-0 compliant infrastructure as standard, with automated restore testing and immutable cloud copies.
Why Immutable Backups Matter
The concept of immutable backups deserves special attention because it represents the most significant evolution in backup strategy over the past five years. An immutable backup is one that cannot be altered, encrypted, or deleted — even by someone with administrative access to the backup system.
Modern cloud backup platforms offer immutability through features like object lock (AWS S3 Object Lock, Azure Immutable Blob Storage) and purpose-built immutable backup repositories. Once data is written with an immutability policy, it cannot be modified or deleted until the retention period expires. Even if an attacker gains admin access to your backup console, they cannot destroy your immutable copies.
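As an added example (not from the original article or from TechAssist), the Python below audits an S3 bucket's Object Lock settings, in the shape returned by the GetObjectLockConfiguration API, against a required retention period. The sample responses and the 30-day threshold are constructed assumptions; the check also flags governance mode, which principals holding s3:BypassGovernanceRetention can override, whereas compliance mode cannot be shortened or removed by any user.

```python
"""Audit S3 Object Lock settings for an immutable backup bucket (added example)."""

DAYS_PER_YEAR = 365


def audit_object_lock(response, min_days):
    """Return a list of findings; an empty list means the bucket meets the policy.

    `response` is a dict shaped like the S3 GetObjectLockConfiguration output.
    `min_days` is the retention your recovery plan requires (an assumption here).
    """
    findings = []
    config = response.get("ObjectLockConfiguration", {})
    if config.get("ObjectLockEnabled") != "Enabled":
        return ["Object Lock is not enabled: objects can be deleted or overwritten"]

    retention = config.get("Rule", {}).get("DefaultRetention")
    if not retention:
        return ["No default retention: objects are locked only if each upload sets its own"]

    mode = retention.get("Mode")
    if mode == "GOVERNANCE":
        findings.append("GOVERNANCE mode: s3:BypassGovernanceRetention can remove the lock")
    elif mode != "COMPLIANCE":
        findings.append(f"Unknown retention mode: {mode!r}")

    # DefaultRetention carries either Days or Years, never both.
    days = retention.get("Days", 0) + retention.get("Years", 0) * DAYS_PER_YEAR
    if days < min_days:
        findings.append(f"Default retention is {days} days, below the required {min_days}")
    return findings


# Constructed sample responses, not taken from a real account.
COMPLIANT = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
             "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}}
WEAK = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}}
UNLOCKED = {}  # stands in for a bucket with no Object Lock configuration

if __name__ == "__main__":
    for name, resp in [("compliant", COMPLIANT), ("weak", WEAK), ("unlocked", UNLOCKED)]:
        print(name, "->", audit_object_lock(resp, min_days=30) or "OK")
```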
This is not theoretical protection. The ACSC has documented multiple incidents where Australian organisations had their backup systems deliberately targeted and destroyed before ransomware was deployed. Without immutable or air-gapped copies, these businesses had no viable recovery path and faced the choice of paying the ransom or rebuilding from scratch.
Implementing 3-2-1-1-0 for Your Business
Local Backup (Copy 1)
A local backup provides fast recovery for the most common scenarios — accidental file deletion, application errors, and minor hardware issues. Network-attached storage (NAS) devices or dedicated backup appliances with sufficient capacity for your retention requirements provide the speed needed for rapid restores.
Cloud Backup (Copy 2 — Offsite)
Cloud backup addresses both the offsite and media diversity requirements. Your data is replicated to geographically separated data centres, protecting against site-level disasters. Australian data sovereignty requirements mean you should verify that your cloud backup provider stores data within Australia — TechAssist uses Australian-hosted cloud infrastructure for all backup and disaster recovery services.
Immutable Copy (Copy 3 — Offline/Immutable)
This can be achieved through cloud-based immutable storage with retention lock policies, air-gapped backup media (tape or removable disk stored offsite), or a combination of both. The key requirement is that this copy cannot be reached, modified, or deleted by any user or system on your network.
Verification (The Zero-Error Component)
Automated backup verification should run after every backup job, checking data integrity and completeness. Beyond automated checks, you should conduct a full test restore at least quarterly — recovering a complete system or dataset to verify that your backup process works end-to-end. Document the results and address any issues immediately.
What About Microsoft 365 Backup?
A common misconception is that Microsoft 365 data is automatically backed up by Microsoft. It is not. Microsoft provides infrastructure resilience (their data centres will not lose your data), but they explicitly state that data protection is the customer’s responsibility. If an employee accidentally deletes critical emails, if ransomware encrypts your SharePoint data, or if a departing employee’s mailbox is purged — Microsoft’s native retention policies may not save you.
TechAssist Microsoft 365 services include dedicated M365 backup covering Exchange Online, SharePoint, OneDrive, and Teams data with independent retention and point-in-time recovery capabilities.
The Cost of Getting Backups Wrong
The cost of a proper 3-2-1-1-0 backup strategy is a fraction of the cost of data loss. For a typical 30-person business, a comprehensive backup solution costs between $500 and $1,500 per month. The average cost of a data breach for an Australian SMB exceeds $46,000 — and that figure assumes you can actually recover. Businesses that suffer permanent data loss face an entirely different calculus, with some studies suggesting that 60% of small businesses that lose their data shut down within six months.
If your current backup strategy does not include an immutable or offline component, or if you cannot remember the last time a test restore was performed, your data is at risk. Contact TechAssist to review your backup architecture and ensure it meets the 3-2-1-1-0 standard.




