Here are a few tips that maybe should not be taken too literally, but are useful to think about and sometimes may be a good idea more directly as well:
Don't have anything to hide; make sure that anything worth stealing involves some physical object not hooked up to your computer. Act as if a random stranger with a concealed face were physically looking over your shoulder at all times.
Keep an eye on your CPU, RAM, bandwidth, etc. usage. Even if you were overtaken by a botnet that didn't use a noticeable amount of these, then that'd also mean it's not that big a bother anyway.
In general, cultivate an intuition for computer science and what exactly your computer needs to be doing at any time so you can notice suspicious behaviour.
Keep your guard up for psychological attacks, hostile memes, and Langford basilisks. If you don't already know, learn what those are and how you can protect yourself.
[insert random quote from "the art of war" here]
I know what a basilisk is, but Google cannot tell me what a Stanford basilisk is. (Did you mean to say "Langford basilisk"?)
Hacking and Cracking, Internet security, Cypherpunk. I find these topics fascinating as well as completely over my head.
Yet, there are still some things that can be said to a layman, especially by the ever-poignant Randall Munroe:
Password Strength
Password Reuse
I'm guilty on both charges (reusing poorly formulated passwords, not stealing them).
These arguments may just be the tip of the iceberg of a much larger problem that needs optimizing: Social Engineering, or mainly how it can be used against our interests (to quip Person 2, "It doesn't matter how much security you put on the box. Humans are not secure."). I get the feeling that I'm not managing my risks on the Internet as well as I should.
So the questions I ask are: In what ways do our cognitive biases come into play when we surf the Internet and interact with others? Which of these biases can we actively protect against, and how? I've enforced HTTPS when available, as well as kept my Internet use iconoclastic rather than typical, but I doubt that's a comprehensive list.
I don't know how usefully I can contribute, but I hope that many on Less Wrong can.