It's a bit of a "how long is a piece of string" question I'm afraid. What backup regime to deploy, what software/hardware to use. etc. depends on the risks you are trying to mitigate. For example, some use cases have legal requirements to maintain "records" and point-in-time "snapshots" for certain amounts of time: Some companies "culture" is such that they want to recall historic records from a certain number of points in time for a certain duration.
There's "operational" matters to consider - ie. who's the poor mug that's going to create/check/maintain the backups and how reliable is he/she going to be about actually doing it - often one starts out with all good intentions, but it gets boring very quickly and people start being less diligent. Of course, all automation you can deploy helps.
The starting point is the risk analysis which should then inform the backup regime (how often are they made, how many generations to create, how long to retain them, are you backing up just data or the entire OS, etc.) which then informs the technology required. And of course, the cost is a big factor too.
I'm a big fan of "over the wire" backup mechanisms using service providers - not least because it automatically "off-sites" your backup sets. But they require a decent Internet (upload) speed and do require the ongoing outlay of sometimes quite significant amounts of money depending on the data volumes. (Though vendors of such services try to justify this against the savings in things like hardware, media, staff time, taxis and so no that you no longer have to buy.)
If you were being really professional, you would conduct a full restore test before committing any live data to the system. It's astonishing how rarely, even in big corporate companies, businesses conduct any restore tests to check their backups do actually work. I once used a backup service provider that did the restore test for us once a quarter or so - which was a godsend as my employer at the time would never have given me the time (and kit) to test restores myself.
Things like ShadowCopy are very useful for "oh my good, I've just deleted a file I didn't mean to" scenarios saving you the burden of recovering from backups is such situations.
Backup is tough - IT Teckkies hate doing it - it's boring, FD's hate paying for it because having spent the money, nothing goes any faster, nothing is any cheaper, no one gets any new toys and profits aren't enhanced. All you've done is mitigate risk.