That is a fair request for that poster. And in return, perhaps you can tell us how you were hacked and what you suffered as a result. I'm just asking about the process, not your specific information. It might help some folks here to learn about what to avoid that caught you off-guard.
here are some things, at random:
- when it was a bad idea to take an official update: classic case was from microsoft when they blessed an FTDI driver update. it 'bricked' some usb/serial devices and made the things that used those chips lose functions, sometimes really important ones. MS has hidden their kind of malware in 'updates' and these days they don't even tell you what's inside. since the win7->win10 push, MS has been pretty untrustworthy and I don't just blindly take their updates, even ones marked 'important'.
- giving access to apps that don't need it; so many times, I get spam email from people that I once had contact with (often sales/marketing types) and because I was in their contact list, their infected system is trying to infect me. this is due to unsafe practices, and such a willingness to install apps and 'keep them updated'. again, 'update' is often a bad thing. for a few years, I had a nice cyanogenmod android phone and the home screen was clean and noise free. for some damned reason (kicking myself to this day) I decided to take some google recommended updates and from then on, my home screen is spammed (lightly) and I can't get rid of their BS. no added value, took me backwards (worse than brand new install) and it's too much effort to redo the whole thing.
- back when it was still sort of 'allowed', I ran my own mail server off my dsl line. I had a public static IP and a webserver open on port 80 (public port). I would often review the logs and the URL attempts that people tried. I'll be honest, for years, I blocked whole networks that came from china and russia. they were ALL hack attempts. I had good firewalls but the incoming URLs still were trying to hack me. I eventually gave up trying to use my home link for anything public; I wanted my own bandwidth and people who were DOSing me for fun were removing my ability to GET online (from home).
- email attacks; I don't allow html emails and I always view source on unknown senders. so many times, you can see evil intent (so to speak) just by seeing what freaking 'weird' places they want to send you to, via a click or hover-over. by not showing any remote files (like image files or video files) - you are not feeding their validation engine. if you DO allow html emails, just viewing their email will validate you and possibly cause you to run remote code (aka, javascript).
I could write so much more. (I used to teach, back in another life and had no problem filling the time slots. not sure anyone would remember it, but 'DECnet/vax network security' was my course, back in the mid 1980's. yeah, no one would know that today, lol. not super relevant, either, but it's about when I started taking security seriously). that's probably enough for now, unless you have really specific questions.
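
The "view source" habit from the email point above can be scripted. This is an added example, not code from the post: it parses a message without rendering or fetching anything, then lists the URLs a client would load on display and the links whose visible text names a different host than the real target. The sample message, its hosts, and the names `LinkAudit` and `audit` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email); every host is a placeholder.
SAMPLE = """\
From: billing@example.com
Subject: Invoice
Content-Type: text/html; charset="utf-8"

<p>Invoice: <a href="http://login.example.net/a?id=123">https://www.example.com/invoice</a></p>
<img src="http://track.example.net/open.gif?u=you%40example.org" width="1" height="1">
<a href="https://www.example.com/help">Help</a>
"""

class LinkAudit(HTMLParser):
    # Tags whose URL is requested as soon as the message is displayed.
    LOADED_ON_VIEW = {"img", "iframe", "script", "link", "video", "audio", "source"}

    def __init__(self):
        super().__init__()
        self.links, self.remote = [], []   # (href, visible text) / auto-loaded URLs
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag in self.LOADED_ON_VIEW:
            url = a.get("src") or a.get("href") or ""
            if urlsplit(url).scheme in ("http", "https"):
                self.remote.append(url)

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(raw):
    """Return links, auto-loaded remote URLs, and links whose text names another host."""
    part = message_from_string(raw, policy=policy.default).get_body(("html",))
    parser = LinkAudit()
    if part is not None:
        parser.feed(part.get_content())
    mismatched = [(h, t) for h, t in parser.links
                  if urlsplit(t).hostname and urlsplit(t).hostname != urlsplit(h).hostname]
    return {"links": parser.links, "remote": parser.remote, "mismatched": mismatched}
```

Calling `audit(SAMPLE)` reports the 1x1 image as an auto-loaded remote URL and the invoice link as mismatched, since its text shows `www.example.com` while the href points at `login.example.net`.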