That is a pretty myopic view. >>174
For the most part, the threat to a regular user will come through either the web browser or email.
Keep your browser up to date. Use an ad blocker (uBlock/uMatrix); uMatrix specifically has some nice features. Privacy Badger, HTTPS Everywhere, etc.
Keep your email client updated. Don't click on strange emails, don't click on every link you see. Do not even preview strange emails. Make sure your client has a feature that stops this behavior.
Install EMET, configure it to cover your applications and raise the protections to the maximum.
Do not use an admin account for everyday tasks.
Modify your local group policy; a good starting point is https://github.com/iadgov/Secure-Host-Baseline. Do not just apply it, because it's fairly restrictive; modify and apply it to your needs.
Checking the STIG for Windows 10 is also a good place to look: http://iase.disa.mil/stigs/os/windows/Pages/win10.aspx
Set Windows firewall to deny everything that is not needed. Enable firewall logging and increase the size of the log. Go to your interface settings and disable whatever you don't use, same goes for any services.
Increase the max sizes of your event logs.
This is off the top of my head
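
The firewall and log-size steps from the post above, as an added PowerShell example that is not part of the original post. The size values and the three event log channels are assumptions chosen for illustration; the post gives no figures.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the firewall-logging and event-log-size steps.
# Sizes and channel names below are assumed values, not figures from the post.

$FirewallLogKB = 32767      # assumed; upper limit accepted by Set-NetFirewallProfile
$EventLogBytes = 256MB      # assumed per-channel maximum, in bytes
$Channels      = 'Application', 'Security', 'System'

# Record the current state first so the change can be reviewed or reverted.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, LogBlocked, LogMaxSizeKilobytes, LogFileName |
    Format-Table -AutoSize

# Block unsolicited inbound traffic on every profile and log dropped packets.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -LogBlocked True `
    -LogMaxSizeKilobytes $FirewallLogKB

# Raise the maximum size of the classic event logs.
foreach ($channel in $Channels) {
    wevtutil.exe set-log $channel /maxsize:$EventLogBytes
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not resize the $channel log" }
}

# Review material for "deny everything that is not needed":
# every enabled inbound allow rule is an exception to the default block.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Sort-Object DisplayName |
    Select-Object DisplayName, Profile |
    Format-Table -AutoSize

# Review material for "disable whatever you don't use": adapters and running services.
Get-NetAdapter | Select-Object Name, InterfaceDescription, Status | Format-Table -AutoSize
Get-Service | Where-Object Status -eq 'Running' |
    Select-Object Name, DisplayName, StartType |
    Format-Table -AutoSize
```

The last three listings only report; deciding which rules, adapters and services to disable is left to review, since that depends on what the machine is used for.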