Even with scripts blocked, be careful if you see a new browser tab or instance you don't recall creating. It looks like you have been logged out from a site, but it's actually a fake version (rnyspace.com
for example) and then they steal your password. Storing password in the browser fixes this by getting the habit of not typing passwords everywhere, but the password manager itself needs a password then to avoid storing them unencrypted.
Even if you are not running an internet browser, a badly configured firewall can pose a threat. Close anything that you are not going to use, especially incoming transmissions. Do not open up SSH against the internet with a weak password unless you want to get hacked badly.
Microsoft Office documents can also contain malware, because of the ability to run VB-script inside of them.
Do not use a Windows administrator account when browsing the internet. Linux is safer for beginners by not having administrator privileges by default. Arch derivatives of Linux are even safer by being kept up to date with the latest patches. I have never experienced any badly written code being pushed to Manjaro despite having the latest versions of everything.
Uninstall any browser extensions that you don't recall installing. Especially if it's called "super awesome something" without really explaining what it does.
Keep bookmarks to the official sites for downloading software. Never use the download sites or the Windows store, where fake versions are almost guaranteed to have keyloggers. If you don't need the latest version all the time, keep an external SSD with all your downloaded installers. A virus is more likely to be detected by a virus scan if it was downloaded a year ago. Don't do this with your internet browser, because it has to be up to date.
Block scripts in e-mails too. Even remote content like images can be used to send back information. When you see an image with some long hashed name, it can contain your e-mail address and confirm that you open junk mail to the spammers. Then you get more spam with targeted attacks.
If you use Windows, use a sandboxed browser or create a virtual machine yourself and install a security oriented Linux distribution inside. Oracle's Virtual box actually saved me from Ransomware once, so I just closed the virtual machine without saving the virtual drive's content.
If you have files that you would pay ransom money to get back, burn CDs regularly with projects you are done with. This can both free up disc space for your new projects and save it from ransomware.
If you have a web camera, NSA (and criminal hackers) can use back-doors in your motherboard to enable the camera and microphone while the computer appears to be turned off. Either unplug it or tape it over when not in use.
The UAE and Saudi Arabia bought a virus from Israel that could hack into phones without requiring any user interaction and then they could just screen grab conversations from any program no matter how much encryption the assassinated journalist used. Create your own symmetrical encryption algorithm (to avoid being cracked quickly in batches with other users of the same algorithm) with many moving XOR layers, shuffling, huge ciphers, et cetera. Around one second per megabyte is okay resistance in case that your method has a flaw that can be reversed. Record a long video in the dark with lots of random noise, compress the video together with some garbage photos you haven't shared with anyone, use the compressed video as a random seed together with many layers on top of each other for generating the key (might take an hour or so on a powerful computer), add a pseudo-random generator feeding from the input in case of any predictable parts of the input data, add another layer of randomness from hardware instructions, shred the seed files by overwriting them with random data (don't just delete the pointer to the data), give your friend a copy of the key in advance. Then you can encrypt your message using the key, save it on a USB memory stick and send it from a computer that has direct internet access.
If having work files on your computer (customer data, source code, patents...) you might need a separate computer for accessing the internet to keep your work computer clean. Or you just use up to date Arch Linux with all incoming connections blocked and avoid downloading anything you don't trust.