Since scare tactics seem to be at least start considering the problem, or what compels some people to take secure your wordpress site a little more seriously, let me shoot a couple of scare tactics your way.
No software system is immune to vulnerabilities and bugs. Security holes will be discovered and bad men will do their best to exploit them. Keeping your software up-to-date is a good way once security holes are found because their products will be fixed by software sellers that are reliable.
Yes, you want find more info to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. If you make changes and additions to your site, definitely. If you make changes multiple times a day, or have a community of people that are in there all the time, a backup should be a minimum.
You may extend the plugin features with premium plugins like: Amazon S3 plugin, index Members only plugin, DropShop etc.. I think this plugin is a fantastic choice and you can use it for free.
Utilizing a plugin for WordPress security only makes great sense. WordPress backups will need to be performed on a regular basis. Do not become a victim of not being proactive because!