Backup is the key! Take a NAS.
I doubt local backups would solve the problem, since what DDOS does is blocking any remote connection to the server.
Unless they have the server running locally, remote weekly backups to a secured personal location would be more helpful.
The admin or main dev could, for example, automate the backup process then have it sent to his FTP server, or even do so manually to avoid any security holes.
And as @rostislav mentioned, even a USB would work. No one can hack your USB remotely from your pocket, yet.