TL;DR
- A backup is a copy of your data that you can restore from when the original is gone, damaged, encrypted by ransomware, or stolen.
- The classic rule still works: 3-2-1. Three copies of your data. On two different kinds of storage. With one copy stored off-site.
- Most people own enough hardware and have enough free cloud storage already. The missing piece is the plan, not the hardware.
- The most-forgotten data lives in phones, in email accounts, and in cloud platforms where you assumed the cloud was the backup. The cloud is not a backup; an account that gets locked or deleted takes the cloud with it.
- The day you discover you need a backup is the day you find out whether you have one. Test the restore before you need it.
What it is
A backup is a second (or third) copy of your important data, stored somewhere you can reach when the original cannot be reached. Important data is whatever you would mourn losing:
- Photos and videos of family.
- Documents — work, taxes, contracts, certificates.
- Email, especially the email account that anchors everything else.
- Notes, journals, and creative work.
- Password manager export.
- Any business or freelance records.
- Phone contacts, calendar, messages (where you care to keep them).
- For some people: large media libraries — music, films, archives.
A good backup plan handles three different failure modes:
- Device failure. The laptop drive dies. The phone falls in water. You replace the hardware and restore. Solved by any backup.
- Theft. Laptop and external drive in the same bag stolen together. Solved by 3-2-1 — the off-site copy survives.
- Ransomware. Malware encrypts your files and asks for payment. If your backup is on a drive that was plugged in at the moment of infection, the malware encrypts the backup too. Solved by having at least one backup that is offline or write-protected.
Most backup plans handle one or two of these. The plans that handle all three look something like 3-2-1.
The 3-2-1 plan in practice
Three copies. The original plus two backups. Yes, two. Hardware fails. Backup drives fail. One backup is half a backup.
Two media types. Don't keep all copies on the same kind of storage. If you back up your laptop's internal SSD to a USB SSD made by the same manufacturer in the same year, both will fail in the same way. Mix: external hard drive plus cloud, or NAS plus cloud, or external SSD plus cloud, or an external drive plus another external drive kept somewhere else.
One off-site. A burst pipe, a fire, or a thief takes everything in the room. The off-site copy is what saves you. Off-site can mean:
- A reputable cloud backup service (Backblaze, Arq, iDrive, Proton Drive, pCloud, etc.).
- An encrypted external drive kept at a parent's or a friend's house, rotated every month or two.
- A locker at work.
- A safety deposit box.
For most households, "one cloud + one local drive" is the sweet spot.
What about iCloud, Google Drive, and OneDrive?
These are sync services, not backups. The distinction matters.
- Sync means: every device has the same copy. If you delete a file on one device, it disappears from all of them.
- Backup means: there is a copy somewhere that doesn't change when the original changes.
If a virus encrypts your files, iCloud / Drive / OneDrive will helpfully sync the encrypted versions to all your devices. If your account is compromised and the attacker deletes your photos, they're deleted everywhere.
That said, most of these services do offer some version-history or trash-recovery for a short window (typically 30 days). That helps a little. It is not a substitute for a proper backup.
Photo libraries (iCloud Photos, Google Photos) are the most commonly lost. Pull a full export periodically and keep it on your own storage.
Tools that work
The names change. The categories don't.
- Built into your operating system:
  - Windows — File History (basic) or Backup and Restore (Windows 7), which still works for full image backups. Many users now use third-party tools because the built-in ones are limited.
  - macOS — Time Machine. Plug in an external drive once. macOS handles the rest.
  - Linux — rsync, BorgBackup, Restic for the technically inclined; Déjà Dup for a friendly GUI.
- Phone backups:
  - iPhone — iCloud Backup is automatic but stops working when storage runs out; pay for enough or take a full backup to a computer with iTunes/Finder every few months.
  - Android — Google One is automatic for most things; some manufacturers offer additional tools.
  - All phones — pull your photos to a real computer occasionally. The cloud is not the only safe place; it shouldn't be the only place.
- Network-attached storage (NAS):
  - A small device (Synology, QNAP, Asustor, UGREEN, or home-built) that holds shared storage for the household and runs scheduled backup jobs.
  - Most have built-in cloud-sync, photo libraries, and Time Machine support.
  - Modern NAS devices support snapshots and immutable backups, both excellent against ransomware.
- Cloud backup services:
  - Backblaze — long-running consumer cloud backup, simple, well-priced.
  - Arq — pay-once software, you choose your own cloud (Backblaze B2, Wasabi, AWS, etc.).
  - iDrive, SpiderOak, Proton Drive, pCloud, Tresorit — alternatives with different mixes of privacy and convenience.
  - For business: Veeam, Acronis, and others are excellent but overkill for households.
For privacy: backups should be encrypted before they leave your device. Most modern tools do this by default; verify in the settings.
The first hour — getting started
- List what matters. Five minutes. "Photos, documents, email export, password manager backup, browser bookmarks, family videos, [whatever is on the list]." You will be surprised how short it actually is.
- Pick a backup approach based on your devices.
  - One Mac, manageable data → Time Machine to an external drive, plus iCloud sync (for the convenience), plus a cloud backup service for off-site.
  - One Windows PC → a third-party backup tool (Macrium Reflect free, Veeam Free, AOMEI, etc.) to an external drive, plus a cloud backup service.
  - Mixed-device household → a NAS for the local copy, plus a cloud backup of the NAS.
- Set the schedule. Daily for active documents and photos. Weekly for everything. Monthly to verify.
- Run the first backup. This will be slow — first backups always are. Leave it overnight.
- Test a restore. Today, not in a year. Pretend a file is lost; restore it. If you cannot, fix the setup before you actually need it.
Watch out for ransomware
If a backup drive is plugged in when ransomware hits, the ransomware encrypts the backup too. Defences:
- Air-gap. Some backups should live on a drive that is unplugged most of the time, plugged in only briefly for the backup itself.
- Immutable / object-lock. Several cloud-backup providers offer immutable backups — files cannot be deleted or modified by the attacker for a fixed retention period.
- Snapshots. NAS systems support read-only snapshots that survive a ransomware attack on the live data.
- Versioned cloud storage that keeps multiple older versions of every file. Even if the live version is encrypted, an older clean version is recoverable.
What NOT to do
- Don't keep a backup drive plugged in permanently as your only backup. Use it as one of several.
- Don't store backups on the same shelf as the laptop. A fire, a burst pipe, or a burglary takes both.
- Don't trust a "cloud" you don't pay for and don't really know. Free cloud services can be discontinued, capped, or the company can vanish. For irreplaceable data, pay something for the off-site copy.
- Don't put off the restore test. Untested backups are wishes, not backups.
- Don't keep the only copy of an irreplaceable family album on a single SD card that lives in a drawer.
- Don't forget the email backup. Email is the master key to every other account; an exported archive (Gmail Takeout, Outlook export, IMAP archive) on a drive at home is the cheapest insurance you'll ever buy.
- Don't ignore phone photos. They are usually the data people miss most when a device is lost.
Use AI to help you
Plan from scratch:
"I have the following devices and data: [list — laptop OS, phone OS, NAS if any, external drives, current cloud services]. Roughly [size in GB or TB] of data I cannot lose. Please design a 3-2-1 backup plan that fits my devices and budget [range]. Cover (a) what software to use, (b) what to back up where, (c) how often, (d) ransomware protection, and (e) how to test the restore. Avoid vendor-specific marketing — focus on categories and trade-offs."
Audit a current setup:
"Below is what I currently do for backups. Please critique it as an experienced systems administrator would: (a) what are the realistic failure modes, (b) where are the gaps, (c) what is the single highest-leverage change I can make, and (d) what tests should I run today and monthly thereafter? [paste your current setup]"
A reminder: AI doesn't know whether the cable on your shelf actually still works. After any plan change, run a real restore test.
Who to call
Find the latest contacts for your country with AI:
"I'm in [your country]. List the official and reputable sources I may need in a data-loss or ransomware scenario — the national cybersecurity centre's ransomware-incident guidance, the police cybercrime unit, the global NoMoreRansom.org project (which decryption tools currently exist for known ransomware families), and a list of reputable forensic data-recovery laboratories that operate in my country. For each, give the official website and public phone number. Tell me the order to contact them in if (a) a backup drive has failed and I have no other copy, (b) ransomware has encrypted my files, or (c) I've lost a phone with the only copy of recent photos. Cite each official source. Flag anything that might be outdated."
- Your operating system vendor's support for built-in backup tools.
- A local IT shop or independent IT consultant for a one-time setup — usually a few hours of paid help saves years of risk.
- A data-recovery service if a drive has already failed and you have no backup. Expensive (often €500–€3,000) and not always successful. Don't open the drive or run consumer recovery software on it; send it to a reputable lab.
- Your country's national cybersecurity centre for ransomware-specific incident-response guidance.
When to escalate beyond chat
- Ransomware has hit and you don't have a backup — don't pay immediately. Contact your country's cybersecurity centre or police cybercrime unit; NoMoreRansom.org publishes free decryption tools for many ransomware families. Paying is the last resort and often funds further attacks.
- A drive holding the only copy of irreplaceable family memories has failed — stop using it; do not run "recovery wizards" that overwrite the drive further; send it to a reputable data-recovery lab.
- You inherit a deceased relative's data and the password is unknown — major operating systems and cloud providers have legacy-contact processes. Apple Legacy Contact, Google Inactive Account Manager, Microsoft next-of-kin process. Bring a death certificate, evidence of relationship, and patience.
- A small business or freelance setup with no backups and a compromised laptop — pause work, contact an IT consultant for forensic copy and clean rebuild; consider business-interruption insurance for the future.
Related topics
- "I've Been Hacked" — when an account holding cloud data is compromised, the backup is your safety net.
- "Your Data Was Leaked" — a cloud-provider breach is not your hardware failing, but the response shares some moves.
- Smart-Home & IoT Security — your home network often hosts the NAS that is doing the backup.
- Passwords & Two-Factor — protect the account that controls the cloud backup, or none of this matters.