🇫🇷 Dafotec France · ISO 5 cleanroom laboratory in Roubaix since 2004 · 09 83 70 00 00
The Manual · Part VII

Prevention: the 3-2-1-1-0 rule

The best recovery is the one you'll never need. An honest lab says it plainly: no intervention beats a proper backup. This part lays out the strategy that makes data loss nearly impossible — the one we recommend to every client.

Part: VII / VIII
Rule: 3-2-1-1-0
Anti-ransomware key: air gap
Read time: ~10 min

This whole Manual describes how to recover lost data. This chapter describes how never to get there. It's not a commercial paradox: a serious lab prefers a client who doesn't need it. Recovery is a safety net, not a backup strategy.

1 · The 3-2-1-1-0 rule

The historic 3-2-1 rule has evolved to address ransomware and silent errors. The modern version, 3-2-1-1-0, reads as follows:

  • 3 — keep at least three copies of your data (the original + two backups).
  • 2 — on two different media types (for example internal disk + external disk, or NAS + cloud).
  • 1 — with one copy off-site, geographically separate (cloud, vault, another building) to survive theft, fire or water damage.
  • 1 — with one copy offline (air gap), physically disconnected from the network.
  • 0 — zero errors: backups are verified and restores are tested.

2 · The air gap, a rampart against ransomware

The fourth pillar — the offline copy — has become decisive. Ransomware spreads to everything reachable from the network: workstations, servers, NAS, even connected backups. A copy kept physically disconnected (unplugged disk, tape) or made immutable (immutable cloud) escapes encryption because, at the moment of attack, it's out of reach. It's often the only copy that survives — and the one that avoids paying a ransom.

The decisive test. Ask yourself: "If my NAS were encrypted tonight, do I have a copy an attacker couldn't reach from the network?" If the answer is no, your backup has a gap that 3-2-1-1-0 fixes.

3 · RPO & RTO: measuring your risk

Two indicators frame a strategy, especially in business:

  • RPO (Recovery Point Objective) — the amount of data you accept losing, measured by the age of the last backup. Daily backup = 24h RPO; continuous backup = a few minutes' RPO.
  • RTO (Recovery Time Objective) — the acceptable time to get the service running again after an incident.

Defining your RPO and RTO turns backup from a vague intention into a quantified requirement, sized to the real criticality of the data.

4 · The "0": testing your restores

This is the most widespread mistake: believing you're backed up without verifying it. A backup that won't restore isn't a backup. The "0" in 3-2-1-1-0 imposes two disciplines: verifying the integrity of backups (checksums, bit rot detection) and regularly testing a full restore, on separate hardware. A quarterly test reveals corrupt, incomplete or undecryptable backups before it's too late.

5 · In practice, by profile

Individual — an external disk + a personal cloud often suffice to reach 3-2-1; unplugging the disk between backups adds the air gap. Check once a year that your photos open.

Freelancer / small business — add an off-site copy and a rotation of disconnected media. Document where your encryption keys are.

Enterprise — formalize RPO/RTO by data type, include an immutable or offline copy, and write restore testing into the business continuity plan.

Better safe than sorry

Loss happened anyway?

If a backup was missing, not all is lost. Free diagnosis within 24h to assess your chances, no data – no fee.
