I don’t really get this article to be honest.
An attacker doesn’t need vscode to expose your closed off network, there are many more terminal tools that can be used for various kinds of attacks, especially if the attacker can smuggle in his own executables, as it’s assumed in the post.
Neither do I like Microsoft nor vscode but to me it looks like the tunnel thingy can (and definitely should) be blocked off easily and it seems to be even documented by Microsoft.
I have a cheap 2 bay synology NAS that acts solely as a backup server for my main NAS in an offsite location as well as a USB drive locally.
Backups run every night with duplicacy
I exclude media files (movies, TV shows,…) from my backup routine due to the sheer amounts of data accumulated over time and the fact that most of it can be re-aquired using public sources in case disaster recovery is needed