Backup

The 3-2-1 rule (3 copies, 2 media types, 1 offsite) is the baseline; current guidance adds a fourth principle — at least one immutable or air-gapped copy that ransomware can’t encrypt. Test restores on a schedule, because an untested backup is not a backup; recovery-time and recovery-point objectives (RTO/RPO) define how fast and how current those restores must be.