The advice recommended above is fine.
However, being who I am, I don't rely on any 3rd party extension/plugin to handle backup routines. I manage sites in Wordpress, Joomla, Zen-Cart and Magento. The problem with some of the extensions is that they live within the CMS' framework and/or do the backups within the site's filesystem.
- If your site gets hacked you may not be able to get to the admin panel to be able to get it back online. This does happen.
- If it is hacked there is a fair chance that the filesystem has been compromised meaning that the backups themselves are in jeopardy.
I write automated jobs (cronjobs) and shell scripts to do both filesystem and database backups and place them in a devoted backup folder inaccessible to hackers. With some of my sites I take that a step further and have written an automated job to send backups to another server.
You should also know that if a site is compromised that you may not know of it for months. A hacker can plant a virus/whatever to be used on demand at a later date.
There are several services out there that offer anti-hack monitoring for a price. If your site is worth anything then it's worth quality hosting and and extra $20/month for peace of mind.
Also, check with your provider and find out what their backup routine is.