School me about Malware

[Nonny J. Nonnington III]

Consider this a request from a complete tech dummy. No language too simple for me.

The recent malware/ransomware attacks have me worried about my vulnerability. An NPR talk show not too long ago made it clear that this is the new normal. And today I got something in my Spam folder in my Yahoo account, sent from my name from a .tw domain.

So, what do I need to do to protect myself? Does the mere opening of an email (without clicking any links) present a threat (whether with my Yahoo account, or with my Verizon* account that downloads to Outlook)? We used Outlook at the last place I worked; the IT guy didn't allow anyone to even use the preview pane for emails because he said that presented a vulnerability.** Can simply visiting a website cause a problem? In short, what is risky behavior?

And if infected, how do I protect my data? Is it considered good practice to back up your entire system rather than just data files? (i.e. wipe the entire drive and then download the backup back on to the clean drive.) If so, what service should I use.

I'm using Trend Micro AV software which periodically scans my system. I assume that it periodically updates virus definitions in its database. And I am on Windows 10 which recently forced an update after one of the global attacks, so I assume that it patched a vulnerability they discovered.

In short - what should I do, and what shouldn't I do?

*Yeah, I know, Verizon got out of the email business and turned it over to Yahoo, but my domain still says verizon.net.

**But once a month, like clockwork the system would go down and he would send around an email reminding us not to click on suspicious emails. I guess a lot of people were getting spoofed "FedEx" or "UPS" notifications.