1: Antivirus: Whenever Windows is up, it should be running an up-to-date antivirus program. These work in the background, blocking not only viruses, but all sorts of malware.
2: Another-opinion malware scanner: Even the best antivirus program can miss an occasional attack. So, once a week, scan your PC with another program that scans only when you tell it to. I recommend the free version of Malwarebytes Anti-malware.
3: Firewall: Like an antivirus, this type of program runs in the background at all times. But this one controls the traffic between your PC and the rest of the network (and Internet).
Windows comes with a perfectly good firewall, but you should make sure it’s on. Search for firewall and select Windows Firewall in Control Panel.
In the left pane, click Turn Windows Firewall on or off.
Select the obvious option.
4: Updates: Make sure Windows updates itself automatically. In Windows 7 or 8, search for and launch Windows Update. Click Change settings in the left pane. If Install updates automatically (recommended) isn’t selected, select it.
In Windows 10, search for windows updates and select Windows Updates Settings. Scroll down to the bottom of the window and click Advanced options. Make sure Automatic (recommended) is selected.
5: Two accounts: You need an administrator-type account for managing Windows, and a separate-type standard for work and play. If you’re currently doing everything inside one administrator account, go to Control Panel’s User Accounts tool. Create a new Administrator account, then change your previous account’s type to Standard. Continue to do your work in your old, now-standard account.
6: Your browser: Just like Windows, your browser needs to be up-to-date and secure. Go to your browser’s settings to make sure it updates regularly and that it’s set to block suspicious sites.
7: Encryption: If your PC is stolen, why let the thieves get your secrets, as well. Put your most sensitive files in an encrypted container.
8: Passwords: You need a separate password for every website you log into, and each password must be long, strong, and complex. How do you remember them all? With a password manager.
9: Email: Your email client probably has a good spam filter, but it’s not perfect. Some bad messages may get through. Learn to identify them.