The fix wordpress malware cleanup Codex has an outline of what permissions are acceptable. File and directory permissions can be changed through an FTP client or within the page from your hosting company.
Also, don't make the mistake of believing that your web host will have your back so far as WordPress copies go. Not always. While they say they do, it's been my experience that the hosting company may or may not be doing proper backups. Take that kind of chance?
Yes, you want to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely if you make changes and frequent additions to your website. If you Visit Website have a community of people that are in there all the time, or make changes multiple times every day, a daily backup should be a minimum.
Note that you should try this last step for setups. If you would like to do it for existing installations, you will also have to change all of the table names within the database.
You do consider needing security when your site is new but you do have to protect your investment and yourself. Having a site go down and not having the ability to restore it can mean a loss of customers who probably won't remember to look for your website again later and can not find you. Do not let that happen to you. Back up your site after you get it started, as the site is operational, and schedule regular backups for as long. This discover this way, you will have peace and WordPress security of mind.