First, use long, unique passwords. If you need to remember one, consider song lyrics for inspiration. Longer passwords are more difficult to crack. Never use the same password twice – you will be hacked. Criminals won’t guess your password. You’ve already got it from dozens of massive violations that have occurred in the past. For extra credit, use a password manager like KeePass, LastPass, Keeper or others.
Second, use two-factor or multi-factor authentication (2FA / MFA) anywhere you can – especially on your email account. All major providers support this. It’s an extra step to sign in, but it becomes very, very difficult for your account to be compromised, even if someone gets your password. Cyber nerds will tell you that text messaging (SMS) is less secure. You’re right, but it’s better than no MFA, especially if you’re not being targeted by foreign intelligence agencies.
Third, make your updates the cyber equivalent of eating your vegetables. If you can auto-update something, set it up and forget about it. Make sure everything you use from your phone to your tablet to your computer, operating systems and applications, and even toys like drones and WiFi vacuums, are updated. Restart when prompted. Organizations are rarely attacked by a brand new 0-day vulnerability (which defenders had zero days to prepare for). It’s almost always something that was fixed years ago but never “patched”. That’s 90% of cyber defense.