nostr:nprofile1qyt8wumn8ghj7un9d3shjtnyd968gmewwp6kytcqyrwuuu7w3wd73e67t7rfe5uh6gelvktf953ujdyc7re2krjj4f7c68tua69 
1) Don't use public WiFi. HTTPS has made this advice obsolete.
2) You need a VPN. Only if you trust the VPN provider more than your ISP or if you need to bypass geoblocking.
3) Don't click suspicious links. Dude, *nobody* clicks suspicious links. If a link was clicked it's because it didn't look suspicious to the person clicking it.
4) Check the green padlock icon before the URL to make sure that it is secure. Nowadays many browsers don't show it at all (especially the mobile ones) and some flat out refuse to open non-HTTPS pages, especially ones asking for login.
5) Turn off Bluetooth. While it will save you battery, Bluetooth viruses stopped being a concern 3 decades ago.
6) Don't open e-mails or documents received from unknown people. Many people's *jobs* is to open e-mails and/or documents sent by unknown people. And recently Microsoft has made macro malware pretty much obsolete.
7) Disable Office macros. Yes, if you want Accounting to murder you.
8) Don't use public USB charging stations. Nobody has ever observed the "juice jacking" attack being used in the wild.
9) Regularly change your password. No, change it only if it is compromised.
10) Use complex passwords. No, use long ones (passphrases).
11) Use multi-factor annoyance, sorry, I mean authentication, because it can't be phished. Yes, if it is indeed MFA and not two-step verification, which is what almost everybody uses and which *can* be phished.
12) There are viruses for mobile devices. Not nowadays, there aren't. There's plenty of non-viral malware, though, especially for Android.