The fix malware problems free Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either through an FTP client or within the administrative page from your web host.
There are ways to pull off this, and a lot involve copying and FTPing files, exporting and re-establishing databases and much more. Some of them are very complicated, so it's imperative that you select the right one. Then you may want to look into using a plugin for WordPress backups if you are not of this the persuasion that is technical.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely if you make additions and changes to your site. If you make changes multiple times a day, or have a community of people which are in there all the time, a backup should be a minimum.
Make a note of your new password! I recommend the paid or free version of the software *Roboform* to remember your passwords.
The plugin should be updated have WordPress, play nice and to stay current with the latest WordPress release and restore capabilities. The ability to clone your website (in addition to regular backups) can be useful if you ever need to do an offline website redesign, among other things.