@Heiditravels - Great job, i think MFA (multi-factor authentication) is one of the most important points that's usually very easy to implement, (Grab an app like Authy, or Google Authenticator) and scan a QR code
(and backup the recovery codes or use whatever the platform backup offers, in case you lose your phone).

The only thing I would add in regard to crypto is try to limit (as much as possible) the amount of crypto you have on an exchange. i.e. in your 'account' as opposed to a wallet you have control over. The reason for this is that an exchange is a much larger target with a much better pay-off if it's compromised. Why go after individuals when there are literally millions of dollars worth of crypto in a single exchange?

Look forward to more