Something I would definitely
add to the list (and for me I think it should be near or at the top of the list) is that it is
imperative that people use a password manager tool such as Dashlane, Lastpass, 1-Password etc.
So many people rely on the same, or nearly the same password for every site they sign up to, be it a shopping site, a forum, twitter, facebook, iplayer or whatever.
The cast iron certainty is that one day, one of these sites will be hacked and then the hackers will have your email address and password and maybe even your name, address and credit card details. Worse, they will sell the list to other criminals who will pay money for this. And why? Because they absolutely do plan on trying all the email address and password combinations on a variety of popular websites - amazon, ebay etc. So even if your credit card details weren't stolen, you're still in trouble.
God help you if your email password - Gmail, or Hotmail or whatever - is the same or you're in even bigger trouble.
I don't mean to alarm people but this is such a serious risk. You really should have a different, strong password for all the sites you visit and CRITICALLY important, under no circumstances use the same password for online shopping accounts such as Amazon as you do for forums or other social channels. The only practical way to do this, is with a password manager.
As as start, check to see if your email address has been found on any stolen lists:
https://haveibeenpwned.com/