I typed this up for a friend and thought I'd share it here too.
1. Password manager: Get one and use it properly. See: https://www.gsharratt.com/2020/03/set-up-password-manager-nice-covid-19.html
2. Two-factor authentication: Definitely start using Authy on important accounts. See: https://www.gsharratt.com/2020/03/set-up-password-manager-nice-covid-19.html
3. Background on Internet storage and backup (and zero knowledge): https://www.gsharratt.com/2016/07/are-your-cloud-backup-and-storage.html
4. Backup: I suggest you start using (zero knowledge) cloud backup. Best and most expensive is CrashPlan (see item #3 above), next is BlackBlaze (a bit less secure, a bit less expensive -- https://www.backblaze.com/), and next is Sync.com (not quite a good for backup but great for syncing files between devices -- see item #3 above). This backup will run automatically always or every day (your choice) and you'll never have to think about backup again. It's a good idea to keep doing your local monthly backup too.
5. Strongly consider encrypting your computer drive and your backup drive. Unless they are encrypted, if someone steals your computer or your backup drive, they can access all your data. See the link just below. File Vault 2 comes with Macs. On Windows, BitLocker may be bit harder to do. If you use BitLocker, you get encryption of external drives too.
6. General security hygiene: https://www.gsharratt.com/2018/05/core-security-advice-for-general-users.html
7. Make sure you have a strong PIN on your phone, 8+ digits, and turn on auto-wipe after 10 wrong guesses.