Set up a router 'guest' account for Roku, Apple TV and other household streamers. Good idea, BUT to control them from a smartphone, you will have to switch/connect over to that network. Think my wife will remember to do that, or put up with the inconvenience if she does? Many good ideas here, but they are security driven, not user friendly. Need to think some of these through more.
==> And do not forget to change the password of the Administrator account too.
2. Failing to Change the Access Password
==> Also change the admin password of the router (if you're the owner, e.g. at home).
==> Check that admin access is restricted to wired (no admin access via WiFi)
5. Lack of Cloud Backup
==> That is, if you trust your cloud provider.
==> Upload encrypted data (with keys only stored locally, not on the cloud).
==> Back up data locally on a NAS which is NOT always ON. When off, the NAS is air-gapped, which is the best protection. Otherwise back up on a USB external drive which is ON only when you are backing up. Encrypt the backup with keys which are NOT on the NAS or USB drive. Keep a copy (or copies) of the backup at another location, e.g. with a trustable friend or in trustable cloud storage.
6. Connecting From Unfamiliar Networks Without VPN
==> ONLY use a paid VPN (e.g. NordVPN, ExpressVPN, etc.). Always remember that when you are using something "free" on the Internet it means that you are the "product", meaning the free service is collecting info and reselling it to marketing companies or sometimes more nefarious organizations.
==> Maximize the usage of the VPN: simply always use it. Do not use it only when you access a service that rejects the IP ranges of your VPN.
7. Not Encrypting Your Hard Drive
==> It does not hurt besides some IO speed degradation, but it only provides a false sense of security. File system encryption uses key(s) which are on the SAME machine and stored on the disk(s) so that it can boot and mount the volumes. "Good" crackers (plus organizations such as the NSA) will find a way to get at the keys and decrypt your disks.
12. Not Updating Your Router's Firmware
==> Yes! Yes! Yes!
==> Before buying a router, always check how often the brand manufacturer updates the router's firmware throughout the years. Tip: this will greatly reduce the number of brands you can choose from.
==> Phishing: assume by default that all the emails you're receiving are NOT legit. NEVER use a link from an email. Example: if your bank, hospital, health provider or insurance sends you an email with links, open the browser and access your account manually using a bookmark with the validated bona fide URL, then manually go to the page you're supposed to access.
==> Practice reasonable decision making when accessing a web site. "Good" crackers do not even need you to click something on their page; they use browser exploits during the page loading phase to attempt to run rogue code, e.g. make your PC a member of a botnet for their own use or for resale.
==> Recovery: if you have been hacked (including ransomware), zap your disks, re-flash the BIOS, reinstall the OS from scratch (not a backed-up one), and ONLY use backed-up data from air-gapped systems for restoring your non-OS documents and files.
==> Avoid using "free" apps unless you are certain of their legitimacy.
==> Close your social network accounts: "free" services like Facebook are just giant data collection systems for resale to marketing companies. Law enforcement loves Facebook for locating people, not that you should mind about it if you are an honest citizen and do not believe in nutty conspiracy theories. However, specialized companies also use it to report whether you are respecting the conditions of a private company that is their client: e.g. there are no pictures of you on the beach or in a bar drinking alcohol while you are supposed to be at home on paid sick leave.
==> With enough data points collected about you from social network sites or from Internet usage, uniquely identifying you is a certainty. It is up to you to decide if this is something you care about.
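The phishing advice above (never follow the link in the e-mail, go to your own validated bookmark instead) can be turned into a small check. The following is an added example and not code from the page or from any of the commenters: it extracts the links from an e-mail body and compares each link's registrable domain with a personal bookmark allowlist, rejecting the usual ways a link is made to look like a bookmarked site (a familiar name stuffed in front of the real host, a bookmarked name used as a subdomain of another domain, a bare IP address, punycode host names, or link text that names a different site than the target). The bookmark list, the sample e-mail and every host name in it are constructed for this example; `registrable_domain` is a deliberate simplification that takes the last two labels, and a real implementation would consult the Public Suffix List.

```python
"""Added example (not from the original page or its commenters): audit the links in
an e-mail against the registrable domains you have bookmarked yourself. The bookmark
list, the sample e-mail and every host name in it are constructed for this example."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist: the bona fide domains you bookmarked after validating them.
BOOKMARKS = {"examplebank.test", "myinsurer.test"}

# Constructed e-mail body with three links that should be rejected and one that passes.
SAMPLE_EMAIL = """
<p>Dear customer, please <a href="https://examplebank.test.account-verify.test/login">log in</a>
to confirm your details, or use <a href="https://examplebank.test@login-portal.test/">examplebank.test</a>.
Claims: <a href="https://www.myinsurer.test/claims">examplebank.test</a>.
Our site: <a href="https://www.examplebank.test/">examplebank.test</a></p>
"""

# Something that looks like a host name inside the visible link text.
_HOSTISH = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)
_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a host. Simplification: real code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(href, text="", bookmarks=BOOKMARKS):
    """Return (verdict, reason) for one link; 'ok' only when the target is a bookmarked domain."""
    parts = urlsplit(href.strip())
    if parts.scheme not in ("http", "https"):
        return "reject", f"scheme {parts.scheme!r} is not http(s)"
    if parts.username is not None:
        # 'familiar-name@real-host': the part before '@' is user-info, not the destination
        return "reject", "user-info before the host hides the real destination"
    host = parts.hostname or ""
    if any(label.startswith("xn--") for label in host.split(".")):
        return "reject", "internationalised (punycode) host name"
    if _IPV4.fullmatch(host):
        return "reject", "bare IP address instead of a host name"
    target = registrable_domain(host)
    if target not in bookmarks:
        # Catches 'examplebank.test.something-else.test': the bookmarked name is only a subdomain
        return "reject", f"{target!r} is not one of your bookmarked domains"
    shown = _HOSTISH.search(text)
    if shown and registrable_domain(shown.group(1)) != target:
        return "reject", f"link text shows {shown.group(1)!r} but target is {target!r}"
    if parts.scheme != "https":
        return "warn", "plain http to a bookmarked domain"
    return "ok", f"target {target!r} matches a bookmark"


def audit_email(html, bookmarks=BOOKMARKS):
    """Return one (href, verdict, reason) tuple per link, in document order."""
    parser = _LinkExtractor()
    parser.feed(html)
    return [(href, *classify_link(href, text, bookmarks)) for href, text in parser.links]


if __name__ == "__main__":
    for href, verdict, reason in audit_email(SAMPLE_EMAIL):
        print(f"{verdict:6} {href}\n       {reason}")
```

Even a link that passes every check here is still only a hint that the target is a site you already know; the safe habit the comment describes is unchanged, which is to open the bookmark and navigate from there rather than clicking the link.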