Backup Strategies — Protecting What Matters

The Golden Rule: 3-2-1

If you remember nothing else from this guide, remember this:

• 3 copies of your data
• 2 different storage media
• 1 copy off-site

This isn't paranoia — it's the minimum viable backup strategy. Hard drives fail. Houses flood. Ransomware encrypts. The question isn't whether you'll lose data, it's when, and whether you'll be prepared.

What Actually Needs Backing Up?

Not everything deserves the same level of protection. Categorise your data:

Backup Software Compared

Restic — The Modern Standard

Restic is fast, secure, and handles deduplication beautifully. It supports local, S3, SFTP, and many other backends.

Strengths:

• Built-in encryption (AES-256)
• Block-level deduplication (saves enormous amounts of space)
• Works with local drives, NAS, S3, Backblaze B2, Wasabi
• Written in Go — single binary, no dependencies

Basic daily backup:

# Initialise a repository (once)
restic -r /mnt/backup/restic-repo init

# Take a snapshot
restic -r /mnt/backup/restic-repo backup /home/user/documents

# Prune old snapshots (keep 7 daily, 4 weekly, 6 monthly)
restic -r /mnt/backup/restic-repo forget \
  --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --prune

BorgBackup — Space-Efficient Champion

BorgBackup (Borg) excels at deduplication and compression. Slightly more complex than Restic but often achieves better compression ratios.

Strengths:

• Excellent compression (lz4, zstd, lzma)
• Append-only mode for tamper resistance
• Mature, battle-tested codebase

Duplicati — GUI-Friendly

If you want a web interface for scheduling and monitoring backups, Duplicati provides that. It's Docker-friendly and supports encrypted backups to multiple cloud providers.

Off-Site Backup Options

Automating Backups

A backup you have to remember to run is a backup that won't happen. Automate everything.

Cron + Restic Example

# /etc/cron.d/daily-backup
0 3 * * * root /usr/local/bin/restic -r sftp:backup-server:/repo backup /home --quiet
0 4 * * 0 root /usr/local/bin/restic -r sftp:backup-server:/repo forget --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune --quiet

Systemd Timer (Modern Alternative)

# /etc/systemd/system/backup.service
[Unit]
Description=Daily Restic Backup

[Service]
Type=oneshot
ExecStart=/usr/local/bin/restic -r sftp:backup-server:/repo backup /home

# /etc/systemd/system/backup.timer
[Unit]
Description=Run backup daily at 03:00

[Timer]
OnCalendar=*-*-* 03:00:00
Persistent=true

[Install]
WantedBy=timers.target

Testing Restores

A backup you've never restored from is not a backup. Schedule regular restore tests:

1. Pick a random file from your backup
2. Restore it to a temporary location
3. Verify it matches the original (checksum)
4. Document the result

# Verify backup integrity
restic -r /mnt/backup/restic-repo check

# Restore a specific file
restic -r /mnt/backup/restic-repo restore latest --target /tmp/restore --include "/documents/important.pdf"

NAS-Specific Backup Features

If you're running a Synology or QNAP NAS, built-in tools can handle much of this:

• Synology Hyper Backup — Scheduled, versioned, encrypted backups to USB, remote NAS, or cloud
• Synology Snapshot Replication — Point-in-time snapshots of shared folders (BTRFS)
• QNAP Hybrid Backup Sync — Similar to Hyper Backup with multi-cloud support

These are excellent for the NAS itself, but remember: the NAS is only one copy. You still need off-site.

Long-Term Archival

For data you need to keep for years (or decades):

• Use open formats — PDF/A, PNG, FLAC, plain text. Avoid proprietary formats that may not open in 20 years
• Include checksums — SHA-256 hash files alongside archives
• Document the structure — A README explaining what's in the archive and how to access it
• Refresh storage media — Hard drives and SSDs degrade. Re-copy data to new media every 3–5 years
• Consider optical media — M-DISC Blu-rays claim 1,000+ year data retention

Product links may include affiliate partnerships — see our affiliate disclosure for details.