The purpose of this post is to have a place to point friends and family for advice on staying secure online. This is not targeted at advanced users.
Stay up to date
This is the most important thing you can do: keep all of your software up to date. Whether you are talking about Windows, OS X, iOS, or Android, if you are not running the latest: you are not secure. Wherever possible, turn on automatic updates, and check on your updates from time to time.
Don't Use Flash
Adobe Flash Player is dangerous. Really, don't use it. Just uninstall it. It is not secure. Sites like YouTube all support native HTML5 videos now. You will still be able to get your cute kitty video fix without flash.
Don't Use Java (in the browser)
Unless you know you need Java (like you're a Java developer) you probably shouldn't even have it installed. It is nowhere near as much of an issue as flash, but the Java browser plugin is still regularly exploited.
Don't Use Internet Explorer
To be fair, Microsoft has been getting its act together, but IE should still be avoided. Firefox, Safari, and Chrome are all better choices. Microsoft's new browser: Edge, does show promise.
Don't Click on Links in Email
Unless you are 100% sure the email is from where it says it is from, don't trust it, don't click on anything in it. It is not hard for the bad guys to create emails that look like they are from the major social networks, or from your bank. If you get an email for a friend request, or a notice of fraud detection from your bank, just log into the social network / bank manually. Clicking on the link, if it isn't from where it claims to be, could be exposing you to all sorts of risk.
Don't Open Attachments in Email
Same as above.
Add Some Helpful Browser Plugins
HTTPS Everywhere is available for Firefox and Chrome, and will try to force your browser to use secure (https) connections whenever possible.
uBlock Origin is available for Firefox and Chrome, and is an ad-blocker. You can white list sites you want to allow to still show ads (if you're feeling bad about the sites not being able to monetize) but it is generally a good idea to have an ad blocker running as you browse. Ad networks have become a popular way for the bad guys to get malware onto major sites that you would never consider risky.