I'll start with what I do, which isn't quite up to what I'd recommend, but is better than what I had in my first years of CFC membership, which sadly led to accidentally losing some Civ save files.
I have two hard drives, and use one as backup. They're both in the same computer (which is bad, because a bad power surge might fry them both, although the computer is on a surge protector which minimizes that risk). They aren't in RAID - I'd considered it, but have never done it. I back up every 2 months or so on average, which isn't ideal, but is probably still above average. I use my desktop as a main computer, so everything important on my laptop is copied over to my desktop periodically (which means not very often these days as I don't use it very often), and both the desktop's main hard drive and its SSD are backed up to its secondary hard drive.
Software-wise, I use a simple file copier to copy all my files over. I used to use a piece of software called Personal Backup, which was nice when my backup drive was smaller than my main one and I couldn't just back up everything. But the upside of just using a simple copier is that no special software is required to read the backup. It isn't ideal, but it's not complicated.
The good thing about my setup is that I have a drive that's a backup for everything, so I know where to find the backup. And everything that's backed up there is on at least one other disc. So at least I usually know where my files are.
Now, ideally, I'd (a) do backups more regularly, (b) have a backup that isn't connected to a computer except when doing backups, and (c) occasionally back up off-site. Although if I needed the off-site backup, I'd probably have things I was more concerned about than computer files. What's the best way to accomplish those goals, is a good question. I've never used one of those external mass-storage devices like the WD one mentioned in post #3. One question I would have is, how easy is it to swap drives out if one or more of them fail? I bought two Western Digital external drives in late 2011, with mediocre reviews on Amazon (but half the price of any other drive at the time, since prices were very high), used them as internal drives since that's what I really needed but external ones were cheaper, and since then one of them has failed. It wasn't a problem for me since I just bought a Toshiba drive to replace the failed WD one, but judging by how intentionally difficult the WD external enclosures were to open, I'd definitely check whether the 4x3-or-4 TB enclosures are easy to open if need be.
The other nice thing about when the drive failed was that since I had two, it was no big deal. Granted, I would have lost some data had it been the primary drive rather than the backup that failed, but I wouldn't have been hosed.
I'm skeptical of cloud storage for a few reasons: the possibility of the provider closing shop, the higher price over the long term, and the fact that it would take a really long time to back up large quantities of data on typical North American Internet connections. And of course, the privacy questions. SpiderOak is one of the safest choices in that regard from what I've read. The NSA is obviously doing whatever it can to spy on Google (intercepting data between data centers is pretty hardcore determination), so whether Google is really doing the best they can to keep the NSA out or not, I wouldn't want to back up my data to them. SkyDrive is great if you want to, for example, share pictures, but I don't think Microsoft can really be trusted for critical files if you don't want the NSA to see them, either. SpiderOak is American, but unless they have flaws in their encryption (intentional or otherwise), they're a better choice, since they encrypt the data on your computer (and thus before they can see it).
I think the prerequisites for a cloud service being trustworthy depend on how you want to use it. If you're encrypting the data locally before uploading, using something such as TrueCrypt with strong 256-bit or higher encryption, then theoretically any service would work. You have a link to download it from the front page of the New York Times, and it would require enough computing power to crack it that it would be extremely impractical. There are still questions such as whether your credit card information could be trusted with them, but the data itself should be safe, assuming there were no flaws in the cryptography used to protect it.
If you aren't encrypting the data yourself first, it gets more complicated. You don't really want to use a service that doesn't encrypt the data, because then anyone who gets access to their server can read the data. You also don't really want a service that encrypts the data on their servers, because then any front doors in their server will be able to read the data before it's encrypted (as well as anyone who hacks into their front-facing server that receives the unencrypted data). SpiderOak, and I'm sure a few competitors, encrypt on your computer before uploading, which is preferable. Although even with these services, check and see if there's a password reset feature. If there is, and it allows you to recover your data when used, that's a red flag. That means that your password isn't actually needed to decrypt the data, and that there must be another password that they have that can decrypt it. There's also the question of whether their encryption is trustworthy - SpiderOak's technology is proprietary, so although it's regarded as one of the better options out there, independent cryptographers can't verify that their encryption is as good as they say it is and without backdoors.
As for encrypting drives, there are two categories, software-based and hardware-based. I don't know enough about software-based on Macs to comment on it. Hardware-based drives encrypt everything on them automatically. So even if you have an unencrypted TimeCapsule, if the drive itself is hardware-encrypted, you couldn't access it without unlocking the drive. All the drives I've seen with hardware encryption use AES (Advanced Encryption Standard). AES does not currently have any known security flaws, although the NSA was involved with its creation in the mid-2000s. Some self-encrypting hard drives and SSDs (such as the Intel 320 series) use 128-bit encryption, which is the minimum considered adequate today. Others use much stronger 256-bit encryption, such as Samsung's self-encrypting SSDs. I'd look for the latter - even if 128-bit is impossible to break today, it will be much longer before 256-bit can be broken, assuming there are no flaws in the AES algorithm itself.
Thanks for the reminder to do a backup, it is now running...
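
The password-reset check described in the post, as an added example that is not part of the original post and is not any provider's actual code: a backup is encrypted with a random data key, and what matters is which secrets can unwrap that key. All names here are hypothetical, and the XOR-with-KDF-pad wrapping is a standard-library stand-in for a real key-wrap cipher such as AES.

```python
import hashlib, hmac, os

def _kdf(secret, salt):
    # 64 bytes: the first 32 mask the data key, the last 32 authenticate it.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 200_000, dklen=64)

def wrap(data_key, secret):
    # Stand-in for AES key wrap: a fresh salt gives a one-time pad per wrap.
    salt = os.urandom(16)
    k = _kdf(secret, salt)
    ct = bytes(a ^ b for a, b in zip(data_key, k[:32]))
    return {"salt": salt, "ct": ct, "tag": hmac.new(k[32:], ct, "sha256").digest()}

def unwrap(blob, secret):
    # Returns the data key, or None if the secret is wrong (tag mismatch).
    k = _kdf(secret, blob["salt"])
    tag = hmac.new(k[32:], blob["ct"], "sha256").digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], k[:32]))

def new_account(password, provider_secret=None):
    # What the service stores; data_key is returned only so the demo can compare.
    data_key = os.urandom(32)  # the key that actually encrypts the backup
    acct = {"by_password": wrap(data_key, password)}
    if provider_secret is not None:
        # Escrow copy: the service can unwrap the data key by itself.
        acct["by_provider"] = wrap(data_key, provider_secret)
    return acct, data_key

def reset_password(acct, new_password, provider_secret=None):
    # Reset without the old password. Returns the data key if it survives.
    escrow = acct.get("by_provider")
    if escrow is None or provider_secret is None:
        return None  # nothing but the old password could unwrap the key
    data_key = unwrap(escrow, provider_secret)
    if data_key is not None:
        acct["by_password"] = wrap(data_key, new_password)
    return data_key

if __name__ == "__main__":
    client_only, _ = new_account(b"old password")
    escrowed, _ = new_account(b"old password", b"provider master secret")
    print("client-only: data survives reset?",
          reset_password(client_only, b"new") is not None)
    print("escrowed:    data survives reset?",
          reset_password(escrowed, b"new", b"provider master secret") is not None)
```

If the data is still readable after a reset that never used the old password, the account is in the escrowed case, which is the red flag the post describes.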