However the last two point doesn't mean much to really good hackers, they can send email virus or make you click on a link or some other way to get in through the backdoor.
There are easy ways to avoid getting viruses like that.
- Use your browser in a sandbox.
- Anti-executable program (VoodooShield for example).
- Good AV (with HIPS)
- Anti-Exploit program (if not added in your AV)
- Not doing stupid shit online.
Also having two-factor authentication can help a lot, my phone has 2 sim card slots so I use my second number that most people don't know I have for security (when adding my number to sites like gmail and paypal).
OT: It is pretty scary how people can find simple ways around security like this. Hopefully, this gives those type of companies a bit of a wake-up call.