Is a briefcase of external HDDs still a valid offsite strategy?

Yes, if you do it seriously: multiple disks in rotation, encrypted, actually physically elsewhere, and tested. For small SMB it's cheap, simple and genuinely air-gapped. For larger setups it hits scale and discipline limits.

Try this first

1. 1Plan at least 3 disks in rotation: 1 in a safe, 1 in transit or at the owner's home, 1 active. Swap weekly or daily depending on your RPO. Below 3 you have no rotation, just a single-disk strategy.
2. 2Use BitLocker or LUKS on each disk, with the recovery key in a password manager (not stuck on the disk). A stolen unencrypted disk is a notifiable breach.
3. 3Set a fixed schedule: who swaps on which day, where it goes, how the swap is logged. Without discipline the same disk sits in the NAS for three months.
4. 4Tools like Veeam, Acronis, Synology Hyper Backup support rotating disk targets with built-in schedule logic. Configure that instead of manual copy-paste.
5. 5Replace disks proactively: HDDs last 3-5 years, SSDs a bit longer but wear with writes. Replace before the first error.
6. 6Test a restore from an offsite disk at least quarterly, not from the active one. Otherwise all you know is the active one works.

None of the above fits?

Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.