Cloning your site is another degree in fix wordpress malware attack that can be useful. Cloning simply means that you have backed up your site to a totally different place, (offline, as in a folder, so as not to have SEO problems) where you can get it in a moment's notice if necessary.
Everything you've worked for will go with it should your website's server go down. You'll make no sales, get signups or no visitors to your website, until you get the site back up again and in short, you are out of business.
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely more, if you make additions and changes to your site. If you have a community of people which are in there all the time, or make changes multiple times every day, a daily backup should be a minimum.
Upgrade if you aren't running the latest version browse around this site of WordPress. Like keeping your door unlocked when you leave for vacation, leaving your site in an old version is.
These are only some of the things I do to secure my blogs. Fantastic thing is that they don't require much time to perform. These are also easy options, which can be carried out easily.