Okay, I'll play.

1. Assume all systems are either compromised or compromisable. This is the reality. Accept it and move on. Be a moving target. Be several chess moves ahead of your opponent.

2. Every morning, nothing happens until operating systems and security software are updated. 8 hours is an eternity in security-threat-time.

3. Your home router is a raging dumpster fire, security-wise. Each unit is massively out of date before you bring it home. It is a royal pain to update; is that a bigger pain than identity theft? And before you do anything critical, e.g. banking, unplug that router for a minute to reset any nasties that may have crawled in while you weren't looking.

4. Consider (if you are inclined) my approach: a disposable Linux universe for general surfing; and a Windows universe for work login, banking, and things that matter. These universes do not share data, logins, structured files, or storage devices, ever, ever, ever.

5. Consider reading this useful site every day (there are undoubtedly others -- open to suggestions!): https://arstechnica.com/information-technology/