Preventing Data Loss: Backup Strategies That Actually Work
Backblaze monitors over 300,000 hard drives in their data centers and publishes quarterly failure statistics. The average annual failure rate is about 1.5%. With eight drives in your NAS, that means statistically at least one will fail within five years. The question isn't if, it's when.
Layer 1: RAID – Uptime, Not Backup
RAID keeps your NAS running when a drive dies. It's like a spare tire: you can keep driving, but you should still get to a shop. RAID protects against exactly one thing: hardware failure of individual drives.
What RAID doesn't protect against: accidental deletion (gone on all drives simultaneously), ransomware, software bugs, power surges that fry all drives, theft, fire, flooding. For what happens during a failure, see What Happens When a RAID Drive Fails.
Layer 2: Local Backup
An external drive or second NAS on your network. Regular, automatic, versioned backups of your most important data.
Synology Hyper Backup: Backs up to USB drives, a second Synology, or cloud services. Versioning included.
TrueNAS: ZFS snapshots and replication tasks. A snapshot takes seconds and barely uses extra space.
Unraid: Community apps like Duplicati, Borg, rsync scripts.
Ugreen UGOS Pro: Built-in backup for USB drives and cloud sync. Not as powerful as Hyper Backup yet, but the basics work.
Layer 3: Offsite
At least one copy must be physically elsewhere. No exceptions.
Cloud: Backblaze B2 ~$6/TB/month. Hetzner Storage Box ~€3-4/TB. Always encrypt client-side – Restic, BorgBackup, or Duplicati handle this automatically.
Physical: Encrypted USB drive at a relative's house or bank safe deposit box.
3-2-1 in Practice
Copy 1: Your NAS with RAID 5 or RAIDZ2.
Copy 2: Weekly backup to an external USB drive. Disconnect after backup. A 10 TB drive costs ~$200-250 – tips for finding deals here.
Copy 3: Monthly encrypted cloud backup of essential folders. For 2 TB: ~$12/month on Backblaze B2.
Annual cost: ~$200-300. Compare that to professional data recovery starting at $500+ with no guarantee of success.
What Actually Needs Backing Up
Irreplaceable: Family photos, personal videos, documents, tax records, password databases. All three layers, no compromise.
Important: Music collection, project files. RAID plus local backup is usually enough.
Replaceable: Movies, shows, software downloads. RAID alone is fine.
The Test Everyone Skips
A backup you've never tested is Schrödinger's backup: you don't know if it works until you need it. And then it's too late.
Once a quarter: restore a random file from your backup. Check if it opens. Five minutes for real security instead of a false sense of it.
Further reading
RAID for Home Users: Everything You Need to Know
What Happens When a RAID Drive Fails?
3-2-1 Rule: Practical Implementation
The 3-2-1 rule sounds simple but usually fails in practice on the off-site part. Concrete setups by data volume.
Setup for under 2 TB of data
- Copy 1: Main device (Mac/PC or Synology)
- Copy 2: External USB drive 4 TB, weekly Time Machine or rsync
- Copy 3 (off-site): Backblaze Personal (~$7/mo unlimited) or iCloud/Google One
- Encryption: Mandatory for cloud. Cryptomator as a layer on top.
Setup for 2-20 TB
- Copy 1: 4-bay NAS with RAID 5/SHR-1
- Copy 2: External USB drive 18 TB, monthly full backup. 2 drives in rotation.
- Copy 3 (off-site): Backblaze B2 (~$6/TB/mo) or Wasabi (~$7/TB/mo). Restic or Borg for encrypted incremental backups.
- Testing: Quarterly restore test. A backup you can't restore is not a backup.
Setup for 20-100 TB
- Copy 1: 6-8 bay NAS with RAID 6 or RAIDZ2
- Copy 2: Second NAS in another room (same location), synced daily via Hyper Backup or rsync
- Copy 3 (off-site): Wasabi B2 (volume discount), or physical off-site NAS at family/office. SSD ship for initial sync (Backblaze B2 Cloud Drive Ship Service).
- Selectivity: Not everything needs to be off-site. Re-rippable media (your own movie collection) maybe local-only.
Cold Storage as an Extra Layer
For critical data (family photos, important documents) an extra cold-storage layer pays off:
- External HDD encrypted, refreshed 2-4 times a year, stored at a relative's place
- M-DISC Blu-Ray for ultra-critical documents (1000+ year longevity per vendor)
- Bank safe deposit box for USB SSD with encrypted key files
Cold storage is insurance against ransomware, against total data loss at the main site, and against cloud provider bankruptcy.
Concrete Ransomware Protection
Classic backup doesn't protect against ransomware if it's reachable at the time of encryption. Solutions:
- Snapshots: ZFS, Btrfs, Synology Btrfs snapshots allow rollback. Read-only snapshots can't be encrypted.
- Air-gapped backup: External drive plugged in only during backup, physically disconnected after.
- Versioned cloud backups: Backblaze B2 and Wasabi support object versioning. Even if ransomware reaches the bucket, old versions remain.
- Append-only repos: Borg/Restic with append-only mode on the server. Even a compromised client can't delete old backups.