Ensure you use a password to protect your user account
This should be required, but even so, make sure you always use a strong, lengthy password.

Don’t use an admin account for daily activity
For everyday computing, log in with a basic or standard user account. This is likely to be the default behavior when creating a new account, but it’s worth double-checking your account’s status. Note that some system-wide actions will require you to log in with the administrator account because of restricted permissions.

Encrypt your data
Full disk encryption is ideal, but it’s also possible to encrypt just your home directory, for example on a shared machine. This is usually done during installation, and is difficult to do afterwards. In that situation, the easiest solution is to backup your data (always a good thing!) and then re-install the OS selecting encryption options.

Keep your system updated
It’s usually easy to keep both Linux and installed applications up to date. At the very least make sure updates for security are installed automatically.

Periodically check for rootkits
This can be done by installing a rootkit detector such as chkrootkit, which is easily run with the command sudo chkrootkit.

Lock down remote connection settings
If you use SSH for remote access, there are some simple steps to reduce the risk of attack. The easiest is to use a port other than the default port 22 (and below 1024). You can also prevent remotely logging in as root with PermitRootLogin no in the SSH config file.

Turn off listening services you don’t need
Some daemons listen on external ports. Turn these services off if not needed, for example sendmail or bind. This could also improve boot times. To check for listening services, use this command: netstat -lt