This is what I recommend for personal electronic security in the US in 2018.

  • Use the one best product for a particular function,
    • Phone: iPhone
    • Desktop or laptop: Mac
    • Email: Gmail
    • Web browser: Chrome with uBlock Origin ad-blocking
  • Evaluate each for possible replacement every 2-3 years,
  • Enable automatic software updates,
  • Use web-based services (do use Google Drive or Office365) rather than locally-installed software (don’t use Microsoft Office) whenever feasible,
  • Uninstall all Adobe software if possible,
    • (At least, uninstall Flash and Acrobat.)
  • Use ad-blockers,
    • (Ublock Origin on Chrome, and Purify on iPhone)
  • Use junk call screening,
  • Use multi-factor (AKA two-factor) authentication everywhere possible - especially at important service providers,
    • (such as a passphrase and SMS verification)
    • (note: SMS verification is inadequate if you’re targeted by resourceful attackers. Instead, use Google Authenticator or a Yubikey.)
  • Use a password manager,
  • Back up your data,
    • (Backblaze, and keep a paper copy of critical passwords in a sealed envelope in a home safe, or your credit union’s safe deposit box)
  • Be skeptical when you receive alarming messages about money and passwords,
  • And always ensure your software is up to date.

The full document is also available.