This is a cut-paste from various sources on the internet. In due course I plan to systematically organise this info.
1) DO NOT USE WINDOWS XP OR WINDOWS 8
Users of Windows Vista, Windows 7, and Windows 8.1 can easily protect themselves against the main route of infection by running Windows Update on their systems.
Microsoft’s policy is that some commonly used versions of Windows no longer receive security patches. Those versions include Windows Server 2003 and Windows XP, neither of which has been sold for over a decade, and Windows 8, which some users prefer to the supported Windows 8.1 because of differences between the two versions of the operating system. [Source]
2) CREATE A SECURE ADMIN ACCOUNT ON WINDOWS AND ALWAYS USE GUEST ACCOUNT FOR DAY-TO-DAY PURPOSES
The admin account must be ultra-secure.
3) DISABLE REMOTE DESKTOP ACCESS
Visit the appropriate Microsoft Knowledge Base article below:
4) YOUR BROWSER IS YOUR ACHILLES HEEL. STRONGLY SECURE THE BROWSERS
Also remove outdated plugins and add-ons from browsers, and use an ad-blocker to avoid the threat of potentially malicious ads.
5) TAKE ALL USUAL PRECAUTIONS
Never open spam emails or emails from unknown senders, never download attachments from spam or suspicious emails, and never click links in spam or suspicious emails. Keep all software updated. Use antivirus and similar security software. Keep offline backups of everything.
6) INSTALL FREE HEIMDAL SECURITY
7) USE (FREE) IBM SECURITY TRUSTEER RAPPORT
Get the free version here: http://www.trusteer.com/en/landing-page/ebay
Then for EACH highly secure website (e.g. bank account), enable Rapport. This will STOP any unauthorised screenshots from such websites.
8) ENABLE ‘Show file extensions’ OPTION IN WINDOWS
This will make it much easier to spot potentially malicious files. Stay away from file extensions like ‘.exe’, ‘.vbs’ and ‘.scr’. Scammers can use several extensions to disguise a malicious file as a video, photo, or document (like hot-chics.avi.exe or doc.scr). [Source]
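A small checker for the disguise pattern described above, run over a downloads folder or mail-attachment directory. This is an added example, not code from any of the quoted sources; the `DECOY` list and the function names are assumptions chosen for illustration, and the sample file names in `demo()` are constructed.

```python
import os
import tempfile

# Extensions the page warns about; extend this set for your environment.
RISKY = {".exe", ".vbs", ".scr"}
# Assumed decoy extensions (video, photo, document types); not from the page.
DECOY = {".avi", ".mp4", ".jpg", ".png", ".pdf", ".doc", ".docx", ".xls", ".txt"}


def classify(filename):
    """Return 'disguised', 'risky' or None for a single file name."""
    # Windows drops trailing dots and spaces from names, so ignore them here too.
    name = os.path.basename(filename).rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or "." + parts[-1] not in RISKY:
        return None
    # A decoy type before the real extension is the disguise: with extensions
    # hidden, hot-chics.avi.exe is displayed as "hot-chics.avi".
    if any("." + p in DECOY for p in parts[:-1]):
        return "disguised"
    return "risky"


def scan(root):
    """Walk root and return sorted (verdict, relative_path) pairs for flagged files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            verdict = classify(f)
            if verdict:
                rel = os.path.relpath(os.path.join(dirpath, f), root)
                findings.append((verdict, rel))
    return sorted(findings)


def demo():
    """Build a constructed sample tree of empty files and scan it."""
    names = ["hot-chics.avi.exe", "doc.scr", "Setup.EXE", "holiday.jpg", "notes.txt"]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            open(os.path.join(root, n), "w").close()
        return scan(root)


if __name__ == "__main__":
    for verdict, path in demo():
        print(f"{verdict:10} {path}")
```

A "risky" verdict only means the file is executable and deserves a second look; "disguised" means the name also imitates a media or document type.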
9) MONITOR PROCESSES ON TASK MANAGER
If you discover a rogue or unknown process on your machine, disconnect the machine immediately from the internet and other network connections (such as home Wi-Fi). This will prevent the infection from spreading. [Source]
10) AVOID ONEDRIVE/GOOGLE DRIVE, ETC. BEING HACKED
Dropbox, Google Drive, OneDrive and similar sync clients are very vulnerable since they are turned on by default. Stop them from running by default, and only turn them on once a day to sync. [Source]
11) TURN OFF MACROS IN MICROSOFT OFFICE SUITE
This applies to Word, Excel, PowerPoint, etc. [Source]
12) REMOVE ADOBE FLASH, ADOBE READER, JAVA AND SILVERLIGHT PLUGINS FROM BROWSERS
If you have to use them, set the browser to ask before activating these plugins when they are needed. [Source]
13) USE A VIRTUAL PRIVATE NETWORK
By using a VPN, you can greatly reduce your exposure to attacks looking to “sniff” and exfiltrate the confidential data you send and receive over the Internet. [Source]
14) SET UP A PROXY
A proxy is a dedicated computer, or software running on a computer, that acts as a middleman for your computer's Internet connectivity requests. [Source]
Some blacklists (both free and paid) you can use to set up your proxy are:
15) TURN YOUR FIREWALL ON
Windows has its own firewall you can use for free and we encourage you to keep it on. Some antivirus products include a firewall in their suite, next to their antivirus engine. This may disable Windows Firewall, so make sure to check your settings to ensure that you’re using a firewall from a trusted source. [Source]