I just finished reading a security checklist made by the Linux Foundation for its
system administrators. I'm going to set them down at least the most critical ones.
Enable Secure boot. Use it in hardware that supports it.
Enable UEFI rather than legacy BIOS.
Full disk encryption via LUKS.
Consider Distros that are widely used. Consider distros with automatic updates.
Use two browsers-one for work related browsing and the other for play or the rest.
Consider these add-ons for installation. No Script. HTTPS Everywhere. Privacy Badger.
Use a password manager. Use unique passwords for all sites.
Protect your SSH keys and PGP keys.