Never Click on Links in emails and texts. Assume inbound phone calls/SMS are not trustworthy, rather than the other way around. Do not download something at a callers request, it can take control of your machine and they are likely a fraudster. If your mobile phone stops working – contact your telco and bank immediately as you might have been SIM Swapped.
Get rid of older insecure passwords. All the passwords should be different and strong (i.e. over 12 characters in length). Ensure you have a long and hard to guess Master Password for the password manager. Consider the advice from the UK's National Cyber Security Centre on how to create a strong but easy to remember passwords here – https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0.
Start using Passkeys as support is rolled out from firms such as Apple, Google and Microsoft to replace your sue of passwords.
Try to use as strong 2FA/MFA as possible: The best us a FIDO based Hardware Token. Consider a Yubikey or other FIDO compliant hardware token, especially for the Password Manager. Authenticator App using push notifications e.g. Microsoft Authenticator (especially for Microsoft services). Turn Number matching on for best security. Authenticator App such as Google Authenticator uses TOTP. Phone call. SMS better than nothing, but use above where possible. Priorities for setting up MFA should be: Password Manager; Banking, finance & Cyrpto; Email accounts; Google/Apple etc.; Any accounts that act as a wallet, e.g. Amazon; Any that allow it to be added.
Look to add Call Screening services to your phone and use call blocking and spam reporting services on mobiles.
Lock down social media etc removing unnecessary information e.g. Date of Birth, phone numbers etc.
Don’t use free wifi hotspots for anything sensitive without using a VPN as this leaks your personal data to anyone listening on the hotspot.
Always type in your banks/financial firms login, don't search for it.
Police or your bank will not ask you over the phone for full: PINs/Passcodes; Passwords; OTPs or security codes; Do not give these out.
Regularly back up data to avoid being victims ransomware and enable wiping devices if they are infected with malware.
Slow down, it is not urgent. If the caller says it is urgent it's probably a scam.