Leaving your backup always plugged in, is about as useful as going fishing and leaving your life jacket under the foredeck. The life jacket might save you if you get advance notice of a freak wave but apart from that it isn’t much use.
I have previously written why a hard drive is not a backup strategy. It is also vital to understand that a backup should include an off line component. That is, one of the automated backups should be taken offline and kept offline and never overwritten.
There are many dangers associated with leaving backups on line. First and foremost is that these online backups are available to be manipulated. They can be deleted, whether accidently, on purpose or by some ill-conceived backup strategy. Always on line backups are also susceptible to attacks by malicious viruses such as the crypto locker virus. This nasty piece of work encrypts all files it has access to, including USB drives, connected external hard drives, any and all files on shared drives and folders, even those on other computers. These files are then held hostage until a random is paid, within 24 hours or else the key to decrypt the files is forever deleted. The only defence against all of these possibilities is having offline backups as these offline backups cannot be manipulated.
There are a variety of ways backups can be taken off line. DVDs can be burnt. USB keys can be easily stored in safes. Off course, one should not rely on a single backup media.
Once the backups are off line they are then easier to take off site for even better protection.
When devising a backup strategy, it’s important to consider all possibilities that can cause data loss. Think about what would happen in the event of, fire, flood, burglary, accidents to hardware or software, virus, malicious activity by individuals external to your organisation or by disgruntled staff members. Unfortunately too many organisations only consider hardware failure as the only cause of data loss.