How often should backups run?

Continuously to cloud (Backblaze runs in the background); nightly to NAS for laptops; weekly for NAS-to-cloud full sync. The shorter the gap, the less you lose if something fails between backups.

How much should I expect to pay?

Cloud-only for laptops: $99/year per machine (Backblaze Personal). Local NAS-only: the cost of the NAS plus drives, no ongoing fee. Full 3-2-1 for a household: $200-400/year all-in, less if you already own NAS hardware.

Do I need to encrypt my backups?

Yes for cloud (most providers encrypt by default; consider a personal-key option for sensitive data). Optional for local backups in your house — encryption protects against theft but adds risk if you lose the key. Most home users skip local encryption.

Backups & Storage · Beginner explainer

Backup basics: the 3-2-1 rule for households

"Backup" gets used to mean three different things — sync, copy-to-another-folder, and actual restorable backup — and only the last one will save your family photos when a drive dies or ransomware sweeps the laptop. This page explains what a real backup is, the rule everyone refers to as 3-2-1, the 2026 update most home guides have not caught up to yet, and how to set this up at home in one weekend.

The mental model

A backup is an insurance policy on your data. The 3-2-1 rule is belt + suspenders + a spare belt in the car — three layers, two different kinds, one in a different location.

**Sync** (iCloud, Dropbox, Google One) is the shared closet — convenient, always up to date, but if a moth eats one shirt, every shirt in that closet has a hole, instantly, on every device.
**A real backup** is an independent copy. Same drive doesn't count. Same folder doesn't count. Same synced cloud account doesn't count.
The 2026 update — 3-2-1-1-0 — adds **one immutable copy** (cannot be deleted or encrypted by ransomware) and **zero errors** on a recovery test you actually run.

Words you will see

Backup: An independent copy of your data that survives even if the original device is wiped, stolen, encrypted, or set on fire. "Independent" is the load-bearing word: same drive, same folder, or same synced cloud account does not count.
Sync: A service that keeps the same set of files identical across multiple devices (iCloud Drive, Dropbox, Google Drive, OneDrive). Delete on one device → gone everywhere within seconds. Useful for convenience; dangerous as a backup.
3-2-1 rule: Three copies of your data, on two different kinds of storage, with one copy kept offsite. The 30-year-old industry standard.
3-2-1-1-0 rule: The 2026 update: 3-2-1 plus one immutable copy (cannot be deleted or encrypted even by someone with full passwords) and zero errors on a recovery test. The ransomware-era version most backup vendors moved to between 2023 and 2026.
Immutable copy: A backup written in a format that cannot be modified or deleted for a set retention period, even by an account with full credentials. Object Lock on Backblaze B2 or AWS S3 is the home-feasible version. The point: ransomware cannot encrypt it.
Versioning: The backup keeps yesterday's, last week's, and last month's copies, not just the current state. Critical for "I accidentally overwrote this file two weeks ago."
Restore test: Picking a random file from the backup and verifying it actually opens. A backup you have never restored from is a wish, not a backup.

What a real backup actually is

A backup is a copy that survives the death of the original. Same drive in a second folder is not a backup — the drive failing kills both. Same folder synced to iCloud is not a backup either — sync propagates deletes and corruption in seconds.

A backup must be (a) on different hardware than the original, (b) capable of going back in time to a version before the bad thing happened, and (c) tested. If any of those three is missing, what you have is filing, not backup.

The 3-2-1 rule, translated for a household

**3 copies**: Original (laptop or phone) + one local backup (NAS, external USB) + one offsite copy (cloud).

**2 different kinds of storage**: Your laptop's SSD and your NAS hard drives count as two; two USB drives plugged into the same laptop do not.

**1 offsite**: Outside your house. A USB drive in the kitchen drawer is not offsite — a house fire takes everything. Cloud backup, a parent's house, or a USB drive in a safe deposit box all count.

The 2026 update: 3-2-1-1-0

The traditional rule was written before ransomware that hunts down backup destinations. The modern version adds two requirements.

**The extra "1"** is one immutable copy — a backup that even ransomware with admin access cannot encrypt or delete during its retention window. For a household, this is Backblaze B2 or AWS S3 with Object Lock enabled, or a USB drive physically disconnected after the backup runs (an "air gap").

**The "0"** is zero errors on a recovery test, meaning at least once a quarter you actually restore a file and confirm it opens cleanly.

Why iCloud, Google One, Dropbox are NOT a backup

Sync services exist to mirror the current state across devices. The mirror is the feature, and it is also the failure mode.

Delete a file on your laptop and it is gone on iPhone, iPad, web, and any other device within seconds — usually before the trash empties. If ransomware encrypts your local photo library, the encrypted versions sync up to the cloud and overwrite the clean originals there.

iCloud in particular keeps no version history and has no rollback to a point in time. Dropbox and Google Drive keep some version history on paid plans, but it is short and not the right tool for "restore my whole laptop from three weeks ago."

What a real backup looks like for a household

Three layers that match the rule:

**Copy 1 (original)**: laptop, phone, NAS — wherever the data lives day-to-day.

**Copy 2 (local backup, fast restore)**: A NAS running Synology Hyper Backup, QNAP HBS3, TrueNAS replication, or Unraid appdata backup. Without a NAS, a single external USB drive plugged in weekly works as a starter. Local copies restore in minutes, not hours.

**Copy 3 (offsite, disaster-proof)**: Cloud backup. Backblaze Personal at $99/year unlimited per machine for laptops. For a NAS, Backblaze B2 at ~$6/TB/month with Object Lock turned on, or Synology C2 / iDrive.

Photo-specific 2026 reality: pair iCloud Photos or Google Photos with iCloud Advanced Data Protection plus a quarterly export to a NAS, OR move to self-hosted Synology Photos or Immich on a NAS and back the NAS up to cloud.

Common misconceptions

Many people think: RAID on my NAS means I have a backup.

Actually: RAID protects against one drive failing inside the NAS. It does not protect against accidental delete, ransomware, the NAS catching fire, theft, or a controller failure that takes all drives at once. See What is a NAS.

Many people think: iCloud / Google One / Dropbox is my backup.

Actually: They are sync services. Delete a file, it deletes everywhere. Ransomware encrypts your laptop, the encrypted versions sync up and overwrite the clean cloud copies.

Many people think: Copying my Documents folder to another folder on the same drive is a backup.

Actually: If the drive fails, both copies die at the same time. Same hardware = same fate.

Many people think: macOS Time Machine on its own is enough.

Actually: Time Machine is excellent local versioning, but the backup drive usually sits next to the Mac. Fire, flood, theft, or ransomware (which can encrypt Time Machine volumes too) takes both. Time Machine is copy 2 of three, not the whole strategy.

Many people think: A USB drive in the kitchen drawer counts as offsite.

Actually: Offsite means a different building. A USB drive in the same house dies in the same fire as the laptop.

Ready to actually fix it?

Once the rule clicks, the rest is choosing tools and turning them on:

Last reviewed

2026-05-27