1. LastPass / 1Password
2. AdBlocker Extension
3. Modify your /etc/hosts to block a lot of malicious sites.
4. Signup for https://haveibeenpwned.com/
5. VPNs on all wifis not your own.
6. 2-factor wherever you can. But also a place where you can print out your backup 2-factor keys, since losing your phone happens.
7. Have a email for newsletters/spam/signup, another that you use for friends.
8. Use credit cards that can generate on-demand numbers. IE. Both Bank of America and Citi let you generate one time use credit card numbers with set limits.
9. Signup (one time) with your credit cards to warn you for sudden changes in your credit score (ie. to prevent someone opening a loan in your name).
There's probably a lot more that I forgot I do ... it's amazing how little people do here.