WordPress suffers from “too many options” syndrome. It’s super flexible, but everyone has their own way to do it, and too many people are afraid to say, “Here’s a good way.” So whenever I say, “Here’s what you should do,” that means there might my a hundred other options, but I’m giving you my recommendation.
Backups are always a good idea. Because I’m a technical person I like automated FTP backups. SSH actually, which is encrypted … annnnnd I just lost you. 🙂
I don’t have a strong opinion on other options, but WordPress lists several options in the Codex.
Just pay the man
The drop-dead simplest way, with great reliability, is the Amazon S3 plugin listed there. But that costs. How much? I don’t know. But like most options with web hosting you’ll be trading money for expertise. If you have one, you don’t need (as much of) the other.
Next best would be this simple method. It’s easy and free, but you have to remember to do it manually, and you have to figure out how and where to store the file you download.
That’s still a fairly good option, since your webserver and your desktop machine are unlikely to both fail at the same time. But if they do …
So, decide how secure you need to feel, and how much of your own time and/or money you’re willing to invest, and pick one of those options.