Data Backup and Recovery Planning

Cyber Security Mastery: From Zero to Hero

The Last Resort: Data Backups

Even the best defenses can fail. A robust backup and recovery strategy is the only way to guarantee Availability after a catastrophic event, such as a ransomware attack, fire, or hardware failure.

The 3-2-1 Rule

This is the industry standard for backup strategy:

  • 3: Keep at least three copies of your data (the original data + two backups).
  • 2: Store the backups on at least two different types of media (e.g., internal hard drive, tape, cloud storage).
  • 1: Keep at least one copy of the backup off-site (a different physical location or a separate cloud provider).

Immutability and Isolation

Crucially, backups must be immutable (cannot be changed or deleted) and isolated (not constantly connected to the network).

  • If backups are accessible to the network, ransomware can encrypt or destroy them instantly, rendering your recovery plan useless.
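
The sketch below is an added example, not part of the course material. It audits a backup inventory against the 3-2-1 rule and the immutability and isolation requirements, and shows that a plan can satisfy 3-2-1 while every backup is still exposed to ransomware. The `Copy` fields, the site names and both inventories are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    role: str            # "original" or "backup"
    media: str           # e.g. "disk", "tape", "cloud"
    site: str            # physical location or cloud provider
    immutable: bool      # cannot be changed or deleted
    always_online: bool  # constantly connected to the network

def audit(copies, primary_site):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    originals = [c for c in copies if c.role == "original"]
    backups = [c for c in copies if c.role == "backup"]
    # 3: the original data plus at least two backups
    if not originals or len(backups) < 2:
        findings.append(f"3: need original + 2 backups, found {len(backups)} backup(s)")
    # 2: backups spread over at least two types of media
    media = {c.media for c in backups}
    if len(media) < 2:
        findings.append(f"2: backups use {len(media)} media type(s), need 2")
    # 1: at least one backup away from the primary site
    if not any(c.site != primary_site for c in backups):
        findings.append("1: no backup is stored off-site")
    # Immutability and isolation apply to every backup copy
    for c in backups:
        if not c.immutable:
            findings.append(f"{c.name}: can be changed or deleted")
        if c.always_online:
            findings.append(f"{c.name}: constantly connected to the network")
    return findings

# Constructed inventories: EXPOSED satisfies 3-2-1 but not isolation.
EXPOSED = [
    Copy("file-server", "original", "disk", "hq", False, True),
    Copy("nas-share", "backup", "disk", "hq", False, True),
    Copy("cloud-sync", "backup", "cloud", "cloud-a", False, True),
]
SOUND = [
    Copy("file-server", "original", "disk", "hq", False, True),
    Copy("weekly-tape", "backup", "tape", "vault", True, False),
    Copy("cloud-vault", "backup", "cloud", "cloud-a", True, False),
]

if __name__ == "__main__":
    for label, plan in (("exposed", EXPOSED), ("sound", SOUND)):
        print(label, audit(plan, "hq") or "passes")
```
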