I'd caution against taking that list of five things as the definitive five most important things you must do. Granted, you should still do them, but don't think just because you do those five things you will be invulnerable to any exploits. It's not an exhaustive list.
The only one that gives me any concern is 5, "Use a password manager". I used Keepass2 because I store the database on my server, backup daily to an encrypted USB stick. I only access it via VPN from trusted devices. Why? Well the likes of Lastpass have been subject to security breaches - they are honeypots to hackers after credentials. Not only that, but the last time I did any research the mobile apps were hopelessly insecure.
My recommendations thus:
1. Patch, patch, patch
2. Use strong and unique passwords for all your important websites, email accounts etc. (..the ones where you store precious personal information or payment details)
3. Use a secured password manager with a locally stored and backed up database.
4. Perform regular backups of your important data
5. Protect your home network with a quality firewall (need not be expensive) - SOHO and consumer modem/routers are too easily exploited
6. Take care with your personal data
7. Take care with mobile 'Apps' and bundled software. Check carefully the permissions they are requesting when installing them. If an app is not essential, I'll tend not to install it.
8. Use a strong key for your home wi-fi network
9. Offer a guest wi-fi network in your home, with limited/no access to your own home network
10. Use Public Wi-Fi with caution - if possible, don't use it all. If you must, ensure non-essential ports are firewalled and use VPN..........................................................
11. Use a quality anti-virus product