Backing up your data is probably the most important thing that you can do. This is the most effective way to protect against ransome-ware and other malicious attacks. The recommended strategy is 3-2-1. That means three copies of your data, two copies on different media and one copy off-site. The off-site copy is in case the building gets destroyed or you can no longer access it which does happen. This strategy will also mean that you are able to recover original documents if they are accidently deleted or corrupted over time.
There is really no reason why everyone cannot follow this approach especially with the increasing use of personal cloud services and availability of cheap SSDs. My recommendation is that you have at least one copy of your data with a cloud service which could be a free service depending on how much data you have. Another copy can be made regularly and stored on a USB drive – you can get lots of storage cheaply. Then you can decide on the best option for your routine backup whether it is on your PC or with another cloud provider.
You should also consider what software, licences, configuration files, operating systems, etc should be included in your backup strategy and how to do this. There is no need to keep data on old media or devices. The most effective strategy will involve replacing old media with newer media which has more capacity and is cheaper as it becomes available. This can be used to test and validate your backups as well. CDs and DVDs are no longer needed because Hard Disks and SSDs are cheaper, have more capacity and last longer.
Following this approach will mean that you will be able to recover your data when something goes wrong and you cannot assume that it wont. This is especially true for photos which are precious memories and important documents. I have a fire-proof safe in which I keep a USB drive with copies of these along with my important documents.