1. "Administer This"
Create a separate "administrator" account on all computers. You will rarely need to log into this account. Once it is created, ensure that all other accounts are set to "user" privileges, and use the "user" account(s) as your normal login account(s) for daily work. This way, if a hacker ever does get into your computer, they will not have full access, which limits the damage they can cause.
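The least-privilege setup in tip 1 is worth verifying rather than assuming. The following shell script is an added example, not part of the original post: it reads a Unix-style group file (the admin group names sudo, wheel and admin and the default path /etc/group are assumptions) and reports which accounts hold administrator rights, so you can confirm your daily-work account is not one of them.

```sh
#!/bin/sh
# Added example (not from the original post): audit which accounts hold
# administrator rights on a Unix-like machine by reading the group file.
# Assumption: admin rights are granted via membership in one of the groups
# in ADMIN_GROUPS (sudo on Debian/Ubuntu, wheel on Fedora/BSD, admin on
# macOS). The file path defaults to /etc/group; pass a copy to audit it.

ADMIN_GROUPS="sudo wheel admin"

# list_admins FILE: print one line per (account, admin group) pair,
# sorted and de-duplicated, e.g. "alice (sudo)".
list_admins() {
    file=${1:-/etc/group}
    for g in $ADMIN_GROUPS; do
        # group file format: name:password:gid:member1,member2,...
        members=$(awk -F: -v g="$g" '$1 == g { print $4 }' "$file")
        [ -n "$members" ] || continue
        echo "$members" | tr ',' '\n' | while IFS= read -r u; do
            [ -n "$u" ] && printf '%s (%s)\n' "$u" "$g"
        done
    done | sort -u
}

# is_admin USER [FILE]: exit 0 if USER is in any admin group, 1 otherwise.
is_admin() {
    list_admins "${2:-/etc/group}" | grep -q "^$1 ("
}

# Daily-use sanity check on the real system: warn if the account you are
# logged in as is an administrator, which is exactly what tip 1 says to avoid.
if [ -r /etc/group ]; then
    me=$(id -un)
    if is_admin "$me"; then
        echo "WARNING: $me has administrator rights; use a standard account for daily work"
    else
        echo "OK: $me is a standard (non-admin) account"
    fi
    echo "Accounts with administrator rights:"
    list_admins /etc/group
fi
```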
2. "Public is for Fools"
Don't use public wifi for work tasks, PERIOD. It's not secure, and it is VERY easy to intercept traffic and/or conduct a man-in-the-middle attack. Set a policy, enforce it, and follow it yourself. This includes wifi on airplanes. The only exception is if you have a virtual private network (VPN) in place, enabling you to work securely from anywhere.
3. "The Anti Anti Virus"
Install anti-malware software on your machines. It's different from anti-virus, and it provides an additional layer of security by removing malware from your computer after it has been installed. It is good practice to run it on a regular basis. Malwarebytes offers a free version for download that is very good.
4. "Plug Me Not"
Don't use thumb drives or external hard drives, especially if they have touched other networks (such as clients' and/or personal networks). The easiest answer is don't use them at all, but if you must, label them as "work only" and track them to ensure they aren't plugged into non-work computers that aren't on your network. Don't believe us? USB drives were how Stuxnet, one of the greatest viruses of our generation, spread to its final target.
5. "Guest It"
Put Internet of Things (IoT) and other non-traditional devices on a guest network. First, have a guest network; it's easy to set up on most routers and access points. Second, limit your work network to devices that DO WORK TASKS only. Put all TVs, thermostats, Xbox, etc. on the guest network. Think of everything you put on your network in the same way you view a door into your office. The more devices you have, the more ways there are for a bad guy to get in, and therefore the more things you have to worry about securing. By keeping devices that aren't critical to getting work done on the guest network, you limit the number of "doors" into your network.
6. "Say Yes To The Update Mess"
Known vulnerabilities are one of the easiest ways in. In fact, there are many automated programs that scan the internet looking for known vulnerabilities that result from out-of-date software and operating systems. This is easily prevented: just click YES the first time you are prompted for software updates. Better yet, set them to automatically download and install. Want to go the extra mile? Check out Ninite; it'll take care of (most of) it for you.
7. "Click, Click, Boom Goes the Dynamite"
Don't click, PERIOD. This is the number one most common root cause of small business data breaches. Don't click on links in emails. Don't click on links on social media. Don't download files or software. Don't open email attachments. If you must, make sure you know where it's from and that it is what it says it is (this can often be done by hovering over the link and checking the actual URL it points to). Better yet, do it on a computer that you don't care about getting infected (i.e. one that you don't use for work tasks and that doesn't store sensitive information).
8. "Two's Company"
Most web applications now offer two-factor authentication: Gmail, Facebook, online banking, credit card companies, payment processing companies, website hosting services, etc, etc, etc. It's on you to SET IT UP. It's not that inconvenient to receive a text message with a code you have to enter when logging into a work system, so just do it already! Every single one of us carries our phone around everywhere like a security blanket anyway. Might as well make it an ACTUAL SECURITY BLANKET.