I read this article in my news feed this morning: The Best Internet Security: Layers of Protection, and Good Habits from Wirecutter.
This is what I have been telling client for a few years now. This approach works to keep your system and personal information safe.
The most important part is good habits. Just the realization that <insert large tech related company> is not going to reach out to you to tell you that you have a problem will go a long way to protecting yourself. By large tech firms I mean: Apple, Dell Computers, HP Computers. The only time they are going to reach out to you is when you have a service agreement with them. You would know if you did, you would be paying a large part of someones salary on an annual basis.
Another good habit is to not open attachments that you are not expecting. Just because it says it is from someone you know, does not mean it is safe to open. Many ransomware attacks start from what is supposed to be an invoice attached to an email.
On a related note: the IRS is not going to call you on the phone because they are about to send the police to arrest you. Why would they give you a heads up on the arrival of the police? They will attempt to contact you via registered mail (signature required).