And no one wrote the main thing in the answer:
Create a user with user rights and not sit under the admin account :)

The first is to check the WiFi password here.
Second, you don't need to download anything, and you need to pay attention to the checkboxes so that this does not happen:
And the third is to remove your antivirus.

0. Install Windows after disconnecting from the Internet and after downloading the distributions and bases of the necessary software.
1. Install real-time autoload control ( ATM , for example, only refuse any rubbish offered in the kit during installation.)
2. Install and CONFIGURE a firewall ( CIS , for example).
3. HIPS is a must. (The same CIS provides)
4. Antivirus with access check / cumulative scanning and preferably with file control by hash (the old Outpost was able to do the latter, but CIS and especially leaky KIS cannot). But in general, its share in the modern security system is small. Although it should not be abandoned.
5. For unreliable software (the same browser for surfing anywhere) use sandboxes (sandbox). It can be built-in (there is in CIS), it can be separate ( Sandboxie for example), you can use both options, like me :)
6. It is advisable to use local traffic monitoring. Forced local proxying of anything and everything.
Do not use WiFi :)
There is no absolutely reliable way to protect what is available to everyone. On air. But you can increase security by googling and studying the question (a little theory and specific models of routers and transmitter chips) "hacking WiFi".

Open the regulations of FSTEC, FSB, STO IBBS, PCI DSS, ITIL and configure point by point