Keep all of your software updated and patched. Do this automatically whenever possible, and you (mostly) won’t even have to think about it.

Use a long, random, unique password for every web site where you have an account. Really, use a different one for each site. The best way to do this is with a password manager like LastPass (but a stack of index cards is probably fine too). You still need to memorize your passwords for LastPass and primary email account. It’s easy to generate good, strong passwords from any line from a book or song. For example, “He’s in it for the quiche, you might as well not ask him for no free stuff, capiche?” ==> !Hii4tq,Umawnah4nfsc?

Think about using a Virtual Private Network if you ever connect to public wifi, or if you would like to connect to the wifi at work, but also your friends like to post nsfw memes to Discord. I use ExpressVPN but there are plenty of good options. Edit: The new CIO of ExpressVPN was involved with Project Raven, maybe send your business somewhere else.

Don’t give real answers to security questions, that’s how Sarah Palin’s email got hacked in 2008. Treat these like extra passwords, and store them in your password manager/index cards.

Don’t click on links in sketchy emails.

It’s 2020. turn on HTTPS Everywhere and look askance at any web site that doesn’t have a valid certificate.

Mozilla Blog - Online advertising strategies:

You can reduce what advertisers know about you
Advertising isn’t going away anytime soon, and it probably shouldn’t, as it supports publishers and content creators. And, many of the things that enable advertisers to track you (like cookies) are likely here to stay too. At their best, they make your life easier by storing information and improving your web experience. At their worst, they exploit your vulnerabilities and take advantage of very personal information. But, you do have the power to limit what advertisers know about you. Here are five easy ways:

  1. Use technology that respects your privacy. The Firefox browser blocks trackers by default — over 10 billion every day — so more of what you search for and click on is unavailable for the types of advertising and tracking in this article. And, Firefox automatically blocks known fingerprinters, so when you use Firefox, you reduce your individual profile for advertisers based on your laptop, phone, software, add-ons and preferences. Here’s where you can download the Firefox browser.
  2. Use an ad blocker. Ad blockers prevent ads from displaying in your browser. Because you see and interact with less ads while using an ad blocker, data brokers and the companies they serve collect less data about you. Here’s a curated list of ad blocker extensions that have been reviewed by Firefox’s security team as safe.
  3. Avoid signing into websites and apps through Facebook or Google. Instead, create unique usernames and passwords.
  4. Limit the apps on your phone to the essentials. There are thousands of apps out there that maintain their existence by sucking up your data and selling it to third parties. The buying and selling of location data, for example, is big business and can be quite invasive, especially when it’s combined with other data about you.
  5. Turn off mic access on your computer and phone. Deactivate “Hey Siri” or “Okay Google” and disable mic access for your phone apps. Head over to System Preferences on your Mac or PC to turn off mic access as well.

Chesney on Cybersecurity Law, Policy, and Institutions (PDF)

Privacy threats in intimate relationships - Levy and Schneier, 2020 (PDF)