If you want Time Machine to back up files in iCloud, you need to have them all downloaded locally.
To do this, go to System Prefrences → Apple ID and make sure the “Optimize Mac Storage” box is unchecked. Of course, this requires enough space on your boot disk to store everything you have in iCloud Drive.
At $36/year for personal use, it is probably worth it.
I’m not sure how much you earn in one hour, but I would not be surprised at all if that’s more than $36.
I’m pretty sure that creating your setup and maintaining it will take more than 1 hour/year…
Well that depends on how I count it. If I calculate it based on an 8 hour day, a lot more. If I count it by my actual hours, more like .36/hour. 
I’ve made good progress on the security front–thanks to the good advice here. If you will indulge me I have two more questions.
Advice?
I realise this might be unpopular (and late), but as a slightly contrary point of view. As some one that used to be responsible for thousands of computers and has done various types of sysadmin and support work for decades …
In all that time I can’t think of a single instance where a Mac or Linux machine had a security breach which resulted in significant data loss or leak. I’m probably forgetting something but all the (non-Windows) data loss/leak incidents I can think of were either hardware failure, software bugs, or human error.
I used to investigate data leaks in the film industry and, with one exception, all of the data leaks were due to a high level manager sending something that they shouldn’t to a friend … who then forwarded it on to some one … who forwarded it on to someone …
I’m not saying that security isn’t important, or that bad things don’t happen. What I’m saying is you’re vastly more likely to lose/leak data due to something other than a security issue.
And with that in mind there’s safety in simplicity. Every additional layer of security is an opportunity for software bugs and human error.
Encrypted drives are great, but I’ve seen unrecoverable encrypted drives because someone lost the key. MFA is great, but I’ve seen accounts lost forever because someone lost their auth token.
By all means if you keep a spare backup in your car (which is a good idea, I might do that!), encrypt it. But also think about what happens if you lose your encryption key. Do you have a way to recover your data? What if your laptop dies? Can you get your encryption keys to do a restore? Personally I always keep an unencrypted copy somewhere.
Again this also all depends on what the risks are. What’s at risk if a particular set of files are lost/leaked? Unless you are storing high risk, high value documents … Filevault and a good password manager covers the bases. If you have a small set of documents that need heavier protection something like Cryptomator or an encrypted DMG stashed on a Cloud service, probably does all you need.
I second everything in @adamshand’s answer, especially this quoted part. Complexity is the enemy. The more complicated systems are the more chances there are for them to fail.
The grey key icon at the bottom is Apple’s Keychain. The blue keyhole is 1Password. I always turn off the 1Password option to “Show inline menu in Safari” so the two don’t overlap.
Thanks, this is what I was assuming but not certain. Also, thanks for the tip. I didn’t know there was an option regarding the in-line menu in Safari. I’ll certainly make that change. Much appreciated.
" ‘Things should be made as simple as possible, but no simpler’ - Albert Einstein " - Albert Einstein.
… bingo, and that is where every discussion about security should begin, frequently revisit, and end.
(I do think that in nearly all cases, backups should be encrypted, but your point about a threshold beyond which more security controls can result in a decrease overall security (in this case either availability or integrity) is a good one.)
This has always frustrated me and I didn’t even think to check if it was an option to turn off. Thanks for the tip!
Just don’t forget to take it out of the glove box when you take the vehicle in for a service!
