Selfhosted

I don't 🙃

Veeam Backup&Replication with a NFR license for me.
My personal setup:
First backup: Just a back up to a virtual drive stored on my NAS
Offsite backup: Essentially an export of what is available and then creates a full or incremental backup to an external USB drive.
I have two of those. One I keep at home in case my NAS explodes. The second is at my work place.
The off-site only contains my most important pieces of data.
As for frequency: As often as I remember to make one as it requires manual interaction.

Our clients have (depending on their size) the following setups:
2 or more endpoints (excluding exceptions):
Veeam BR Server
First backup to NAS
Second backup (copy of the first) to USB drives (min. of 3. 1 connected, 2 somewhere stored in the business, 3 at home/off-site. Daily rotation)
Optionally a S3 compatible cloud backup.

Bigger customers maybe have mirroring but we have those cases very rarely.

Edit: The backups can be encrypted at all steps (first backup or backup copys)
Edit 2: Veeam B/R is not (F)OSS but very reasonable for the free community edition. Has support for Windows, mac and Linux (some distros, only x64/x86). The NFR license can be aquired relatively easy (from here and they didn't check me in any way.
I like the software as it's very powerful and versatile. Both geared towards Fortune>500 and small shops/deployments.
And the next version will see a full linux version both as a single install and a virtual appliance.
They also have a setup for hardened repositories.

I use asustor Nas, one at my house south east US, one at my sister's house northeast us. The asus os takes care of the backup every night. It's not cheap but if you want it done right.

Both run 4 drives in raid 5. Pictures backup to the hdd and a raid 1 set of nvme in the nas. The rest is just movies and TV shows for plex so I don't really care about those. The pictures are the main thing. I feel like that's as safe I can be.

I use syncthing to push data offsite encrypted and with staggered versioning, to a tiny ITX box I run at family member's house

Hetzner Storagebox

I'm just skipping that. How am I going to backup 48TB on an off-site backup?!

I just rsync it once in a while to a home server running in my dad’s house. I want it done manually in a “pull” direction rather than a “push” in case I ever get hit with ransomware.

Idrive has built in local encryption you can enable.

My dad and I each have Synology NAS. We do a hyper sync backup from one to the other. I back up to his and vice versa. I also use syncthing to backup my plex media so he can mount it locally on his plex server.

Put brand new drive into system, begin clone

When clone is done, pull drive out and place in a cardboard box

Take that box to my off-site storage (neighbors house) and bury it

(In truth I couldn't afford to get to the 1 off-site in time and have potentially tragically lost almost 4TB of data that, while replacable, will take time because I don't fucking remember what I even had lol. Gonna take the drives to a specialist tho cuz I think the plates are fine and it's the actual reading mechanism that's busted)

Rclone to dropbox. ( was cheapest for 2tb at the time )

NAS at the parents’ house. Restic nightly job, with some plumbing scripts to automate it sensibly.

I used to say restic and b2; lately, the b2 part has become more iffy, because of scuttlebutt, but for now it's still my offsite and will remain so until and unless the situation resolves unfavorably.

Restic is the core. It supports multiple cloud providers, making configuration and use trivial. It encrypts before sending, so the destination never has access to unencrypted blobs. It does incremental backups, and supports FUSE vfs mounting of backups, making accessing historical versions of individual files extremely easy. It's OSS, and a single binary executable; IMHO it's at the top of its class, commercial or OSS.

B2 has been very good to me, and is a clear winner for this is case: writes and space are pennies a month, and it only gets more expensive if you're doing a lot of reads. The UI is straightforward and easy to use, the API is good; if it weren't for their recent legal and financial drama, I'd still unreservedly recommend them. As it is, you'd have you evaluate it yourself.

I spend my days working on a MacBook, and have several old external USB drives duplicating my important files, live, off my server (Unraid) via Resilio to my MacBook (yes I know syncthing exists, but Resilio is easier). My off-site backups are to a Hetzner Storage Box using Duplicacy which is amazing and supports encrypted snapshots (a cheap GUI alternative to Borgbackup).

So for me, Resilio and Duplicacy.

My automated workflow is to package up backup sources into tars (uncompressed), and encrypt with gpg, then ship the tar.gpg off to backblaze b2 and S3 with rclone. I don't trust cloud providers so I use two just in case. I've not really been in the need for full system backups going off site, rather just the things I'd be severely hurting for if my home exploded.

But to your main questions, I like gpg because you have good options for encrypting things safely within bash/ash/sh scripting, and the encryption itself is considered strong.

And, I really like rclone because it covers the main cloud providers and wrangles everything down to an rsync-like experience which also pretty tidy for shell scripting.

Right now I sneaker net it. I stash a luks encrypted drive in my locker at work and bring it home once a week or so to update the backup.

At some point I'm going to set up a RPI at a friend's house, but that's down the road a bit.

so if any questions here seem dumb

Not dumb. I say the same, but I have a severe inferiority complex and imposter syndrome. Most artists do.

1 local backup 1 cloud back up 1 offsite backup to my tiny house at the lake.

I use Synchthing.

There's some really good options in this thread, just remember that whatever you pick. Unless you test your backups, they are as good as not existing.