I always keep my backup devices disconnected from power or data sources except when I'm actually using them. It's not just being hacked that I'm concerned about, but also power surges and malfunction of the host computers that might destroy the data or device. Rather unlikely, I know, but what's the point of depending on a vulnerable backup device or cloud?
And, to borrow a saying, One is None, Two is One. That way, when one backup source fails due to physical or logical means (it will), you still have the other to copy over to your replacement device.
Most of my career was in IT and user computer support, and losing data was just about the worse thing that can happen. And it's always the IT person's fault, regardless. Boy, was I shocked when I found my predecessor's backups weren't backing much up
.
As an aside, for Windows or DOS users, consider using Robocopy to back up your data. It's a native Windows / DOS application that can be scripted (batch file) to update your files on a backup device, in regular file format rather than relying on any particular application, and it costs no extra. If you want to encrypt the backup, set the backup uf for encryption before copying data to it. Makes it easy to access your data on the backup device. The downside is you need to parse all the different command switches to get it to do what you want it to do. The help files for it are detailed and easily available. Once you get it to do what you want, script it and it's easy street after that. Just be real sure not to accidentally erase your original files by using the wrong switches. The likely way that would happen is using the wrong switches with the command, but always test using expendable sources first, no matter what way you back things up. If you have only one copy, be very careful until you have a tested backup of it!