If you do not have good protection on your site files can easily get lost. Some of those files might be stored on your computer and easily replaceable, but what about the rest of them? Where are you going to get them from again, if you lose the first time to them? Especially fix malware problem is very important. Often sites have made a high number of documents and have a lot of data. Recreating all of that would be a nightmare, and not something any business owner wants to do.
Also, don't make the mistake of believing that your hosting company will have your back so far as WordPress backups go. Not always. While they say that they do, it's been my experience that the company may or might not be doing proper backups. Take that kind of chance?
Is to delete the default administrator account. This is important because if you don't do it, malicious user already know a user name that they could try to crack.
You may extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think this plugin is a good choice and you can use it.
I prefer to use a WordPress plugin to get the work done. Make sure that the plugin you choose is able to do select backups, has restore performance, and can replicate. Be sure it is frequently updated to keep pace. There's absolutely not any use in not working, and backing your data up to a plugin that's out of great site date.