Protect your PC
Use an up-to-date operating system like Windows 10, MacOS X oder Ubuntu. Don't use PCs with outdated operating systems such as Windows XP or Vista to access the internet!
Use an anti-virus software and once in a while check if the signatures are updated successfully. Freeware suggestions: Avast or the built-in Windows Defender due to it's low resource usage.
Don't trust websites! In case something pops up be careful not to accept some code execution or unwanted download. Don't use Flash as it makes it easier to catch so called drive-by downloads.
Don't use an account with local admin rights. Make sure UAC is activated. Best practice is to have one account for daily work and another one for installing programs.
Backup your data regularly! Especially photos, documents and contact data. The cloud is convenient but might have someone else accessing your data if it is unencrypted. Services: OneDrive (25 GB) for photos, YouTube for videos and Dropbox or Google Drive for documente (encryption possible with BoxCrypter).
Encrypt your important data. The tool BoxCryptor creates encrypted files that can be placed on cloud storage providers. Decryption on mobilen devices is supported via dedicated apps for most known platforms.
Protect your data
Protect your browser by using trustworthy blocking addons (e,g. AdGuard, Ghostery, Disconnect). Also consider using alternative DNS or a VPN (for increased privacy). For home networks a Raspberry Pi with PiHole can provide protection for all connected devices.
Perform Cookie Management in your Browser (for Firefox: selectivecookiedelete / Self Destructing Cookies, for Chrome: Vanilla). This ensures that all unwanted cookies are eliminated. Browsers allow a more selective cookie selection nowadays, so built-in cookie control (e.g. block all cookies except from specific domains) can be also effective - though not as userfriendly as 3rd party addons.
Hide your identity (name, address, birthday) when registering for sites or online services - except when you sign a contract or the site is trustworthy. Using dedicated email addresses for logon makes sure that when a site is hacked you can avoid getting spammed. If possible use more multiple addresses for different registrations. One Time Email can be usefull for unimportant services that require a registration (Trashmail, Mailinator oder SpamBog.
Do not use online banking in public networks, also avoid logging into sites that do not support HTTPS. For surfing on PCs that may be unsafe use live-systems like Knoppix, Ubuntu or c't Bankix. To access important webservices on public hotspots use a VPN service.
Create passwords that have at least 8 characters, contain numbers and special characters. A password should never be found in a dictionary. Very important: use different passwords for different services to prevent abuse in case of leakage. Consider using a Passwort-Manager like KeePass (offline) or Lastpass (online).