In the absence of a specific adversary or threat model, here is some general advice. Others have said much the same thing elsewhere, but here it goes anyway:
Use a password manager.
Backup your data.
-Apple Time Machine, Apple Time Capsule
Use full disk encryption.
Use two factor authentication.
Use a Gmail account to sign up for online accounts. Whoever controls this email address can re-set all of your passwords. Again, use two factor authentication. If you want to make it harder for an attacker, don't use this Gmail account for emailing other people. This will make it a little bit harder to discover the email address you use to create online accounts.
Update your software.
Use an adblocker.
-uBlock Origin is good.
Use Chrome or Chromium.
Uninstall Flash. Cremate it and throw its ashes into the sea.
Use an iPhone. If you can't afford an iPhone, use an iPod touch with a dumb phone for voice calls.
Use encrypted messengers instead of email, whenever possible (Signal > Wire > WhatsApp > iMessage).
Sometimes an unencrypted voice call is safer than an end-to-end encrypted message, if your adversary isn't a signals intelligence agency. People can be compelled to turn over logs. Writing things down sucks, prosecutions suck, and civil litigation sucks. Lawyers, politicians, and bankers understand this. They know when to speak and when to write. Be like them. Of course, an end-to-end encrypted voice call is the ideal (use Signal).
Keep your home address off of the internet. Use a UPS box (NOT a Post Office Box) to receive packages and for filling out forms that ask for your address.
Keep your life details off of the internet. Life is short and stalkers are not fun.
More in the same vein from the grugq here: https://gist.github.com/grugq/353b6fc9b094d5700c70