My safety routine:
I use AdBlock on all my browsers... not just for the legit ads but for the malicious ones, even on some legit websites. ClickToFlash is also installed to stop any Flash elements from automatically starting.
Third-party cookies are disabled.
Google Chrome data is encrypted with a passphrase that's different from my Gmail password.
Two-factor authentication is turned on for anything that supports it (Dropbox, Google, iCloud, Facebook, Microsoft/Outlook, etc.).
I turn on the firewall and set it to stealth mode even though I'm behind a NAT with no port-forwarding and no DMZ.
I allow only signed software to be installed unless I manually start the installer.
I do have Flash installed, but I make sure it's kept up to date. Same for Java (it's required for an application I need for work).
And I keep two independent Time Machine backups.