Keeping Data Safe: The 3-2-1 Rule for Data Backup in Disaster Recovery

Chris Kennedy; Consultant; Juris Professional Services:


Guess what’s next in tech? October is Cyber Security Awareness Month! What better way to prepare than ensuring your bread-and-butter database that you work in every day is backed up properly and can be restored with current, uncorrupted data if disaster strikes. When was your last database backup? If you are searching through emails and contacting your IT support right now, stop and ask yourself why that question made you panic.

Backups play an important role in disaster recovery. Having a reliable daily backup in place, or even going full detail with an hourly backup, can mean recovering after a disaster in a few hours vs. weeks or even months.

You might ask, “We do have a daily backup, so we’re good right?” Maybe, maybe not!

Where are those daily backups currently stored? On the same server that they were created on? Probably. Think ahead: What happens if you lose your office to a fire, flood, or other natural disaster? What happens if that server hard drive crashes? Well, now you’ve lost your backups.

Think of this 3-2-1 rule and ensure your firm’s IT department is aligned with it. If not, make it a requirement.

3 – Always have 3 copies of each backup.

2 – Store 2 of those copies on different media. For example, one on the server it’s made from and the other on a file server or backup server.

1 – Store the last 1 off-site.

Why not make the file naming convention usable so you can quickly find the file? Here’s a good example of a backup file name:

Juris-WBJK-09152019.bak (DatabaseName-FirmInitials-Date.bak)

Don’t forget to compress the file using software like 7-zip ( ) and password-protect it using that same program. The new General Data Protection Regulation (GDPR) standards require passwords on files that contain private data as of May 25, 2018.  

A good recommendation to follow is to store your daily backups for at least 7 to 14 days and retain yearly backups for six years in case of an IRS audit.

All of this can be done if you have a full version of Microsoft SQL Server using a Maintenance Plan, minus the storing off-site part. For more information on SQL Maintenance Plan setup, visit our support site article located here: SQL Maintenance Recommendations.

Communicate monthly if not weekly with your IT employees and ask for a heartbeat check on your environment. Keep a line of communication open with your IT department to help catch potential problem scenarios before they get out of control.

Here’s a list of questions to ask your IT personnel:

  1. When was our last backup on “xxx” database?
  2. Where do you have it stored? (Remember the 3-2-1 rule above.)
  3. How is it stored? (Hopefully as a compressed and password-protected file.)
  4. Do we have a naming convention in place for our backups? If so, what is it?
  5. What is our data retention policy on backups?
  6. How much server space is available for the backups?
  7. Are there any error messages in the Event View logs?

Remember, it’s like the old saying goes: “A chain is only as strong as its weakest link.” Don’t let your backups be the weak link in your disaster recovery plan. Everything else is replaceable.