Does RAID or Unraid parity count as one of the three copies?

No. RAID and Unraid parity protect against single-disk failure on one array. Ransomware, accidental delete, or loss of the home takes them with the data. Treat them as uptime features, not backup copies.

Is cloud sync (OneDrive, Google Drive, Dropbox) a backup?

Not on its own. Sync replicates changes — including deletions and ransomware encryption — across all linked devices. Useful as the working copy with versioning enabled, but you still need a separate backup with retention.

Backups & Storage

Home backup 3-2-1: NAS, cloud, and USB rotation

3-2-1 is the simplest backup rule that still survives ransomware, fire, and accidental deletes: three copies, on two different storage types, with one copy offsite. A NAS alone fails that rule by itself.

Who this is for

For home operators who already have at least one backup of important data and want to upgrade to a real 3-2-1 plan that survives ransomware, fire, theft, and accidental delete.

Outcome

A working three-copy backup plan with the data inventoried, the three copies identified (working / local / offsite), two distinct storage media in use, a verified monthly restore drill, and ransomware-resistant offsite handling.

Required inputs

An inventory of irreplaceable data categories (photos, documents, project files, password exports, device configs) with current size and growth estimate.
Decisions on the local backup target (NAS share, external USB, or both) and the offsite target (cloud backup, rotated USB, or both).
Credentials for the cloud account or storage drive, kept in a password manager separate from the backup config files themselves.

GuideFollow in order

Step-by-step procedure

Inventory irreplaceable categories

Do: Write a short list: photos, documents, project files, password vault exports, device configuration backups. Skip downloads, app caches, and anything reinstallable.

Expected result: The list is short and concrete: each item names a folder/library and an approximate size.

If not: If the list balloons to 'everything on the laptop', cut it back to what cannot be recreated; backup math gets harder when scope is too wide.

Confirm the working copy is healthy

Do: Open each inventoried location and confirm the files are where you think they are; check for any sync errors on cloud-synced folders.

Expected result: Every inventoried location opens, file counts/sizes match expectation, and no sync errors are pending.

If not: Resolve sync errors and broken paths before designing the backup; a backup of broken state is not useful.

Set up the local copy (Copy 2)

Do: Configure automated backup from the working device(s) to a NAS share, an external USB drive, or both. Verify the first run completes and exclude system-managed paths that backup software handles separately.

Expected result: The first local backup completes without errors and the destination shows recent activity.

If not: Check destination space, permissions, and backup-software logs before adding more sources.

Set up the offsite copy (Copy 3)

Do: Configure an offsite target: reputable cloud backup with versioning OR a rotated USB drive kept at a separate location. Use different credentials from any local copy.

Expected result: The first offsite backup completes; the offsite copy uses different credentials than the local copy.

If not: If the offsite shares credentials/MFA with the local copy, a single account compromise can take both; separate them now.

Prove restore from each copy

Do: Pick one harmless file. Restore it from the local copy to a temporary folder and open it. Repeat from the offsite copy. Document the steps in a short note.

Expected result: Both restores produce a working file in a temporary location, and the steps are recorded.

If not: If restore fails, stop using that backup for new data; fix the backup or pick a different tool before the next change.

Schedule monthly restore drills and review

Do: Add a monthly calendar reminder to restore one file from each copy and check that retention/versioning still satisfies the plan (e.g., 90+ days of history).

Expected result: Every month, both copies produce a successful restore and retention covers the agreed window.

If not: If a drill fails, treat it as a backup outage; fix before the next data change.

3-2-1 status snapshot

Data category	Working copy location	Local backup target	Offsite backup target	Media types	Last restore drill	Retention window
Photos	Phone + NAS photos share	NAS snapshot / versioned backup	Cloud backup with versioning	NAS + cloud	Monthly	90 days versioned
Documents	Laptop OneDrive/Drive folder	Laptop > NAS via backup tool	Cloud backup or rotated USB at work/family	NAS + cloud OR NAS + USB	Monthly	30+ days versioned
Password vault export	Password manager (not in plain files)	Encrypted export to NAS share	Encrypted export to cloud / USB	NAS + cloud	Quarterly	Last 3 exports kept

Commands and settings paths

Local backup status

Backup software dashboard (Hyper Backup, Borg, restic, Time Machine, File History, etc.)

Where: On the source device or NAS that runs the backup job.

Expected: Most recent job status is success; job log shows files transferred and no errors.

Failure means: If the dashboard shows old success or recent failures, the local copy is stale or broken.

Safe next step: Re-run the job, check destination space and permissions, and investigate any error logs before assuming the schedule is fine.

Offsite backup status

Cloud backup dashboard (Backblaze, Arq, iDrive, vendor cloud) or rotated-USB backup tool

Where: In the offsite backup tool's UI on a trusted device.

Expected: The most recent job finished successfully and the storage account is in good standing (paid, not over quota).

Failure means: An offsite copy that has not run in days/weeks is not protecting current data.

Safe next step: Check the account status first (billing, quota, credentials), then re-run the job.

Evidence to record

Date and size of the most recent successful local backup; date and size of the most recent successful offsite backup.
Date and outcome of the most recent restore drill for each copy.
Storage media types in use (NAS / USB / cloud) and confirmation they are at least two distinct types.
Retention window for each copy (e.g., 30 days versioned local, 90 days versioned offsite).

Common mistakes

Counting RAID, Unraid parity, or cloud sync as one of the three copies — they protect uptime, not against ransomware or accidental delete.
Using the same vendor account (or same MFA device) for both the local and offsite copies, so a single account compromise takes both.
Treating 'schedule shows green' as proof; never running a restore drill until the day a real restore is needed.

Stop points

Stop before deleting original files when only the first backup run has completed; wait for at least one restore drill.
Stop before exposing the backup destination publicly (port-forwarded NAS, public bucket) to make remote restore easier; use VPN-style access or downloads via the vendor UI instead.

Last reviewed

2026-05-06

Source-backed checks

HomeTechOps turns official docs and conservative safety rules into a shorter runbook. These links are the source trail for the page direction.

CISA: Data backup options (3-2-1 backup guidance)Used for 3-2-1 backup framing: at least three copies, two different media, one offsite.NIST: Ransomware guidanceUsed for conservative backup and recovery assumptions around independent copies, ransomware, and restore readiness.Synology: Backup and data protectionUsed for NAS-as-local-layer guidance, offsite backup, and restore drills.Synology: Hyper Backup technical specificationsUsed for backup-version, restore, integrity-check, destination, and Hyper Backup Explorer assumptions.