Here are my suggested best practices for keeping your financial accounts secure:
1) Select a username that is not very obvious, if your name is Jane Smith don't use JaneSmith1. Using a semi-random username effectively gives you two passwords for your account.
2) Use a strong and unique password at each financial site. Do not reuse passwords, especially for financial sites. And don't share your passwords with anyone you do not trust with your life.
3) Set up two factor authentication whenever possible, and if possible, do not use SMS texting as your second factor. If you want to be really, really secure and you don't mind performing an additional step when you log in, require two factor authentication every time.
4) Set up alerts for any unusual activity and check your email regularly.
5) If possible set up your voice as an identifier with your provider (Schwab calls this Voice ID) and set up a verbal password that is required when you call in (Schwab offers this feature).
6) Secure the email address that you use for your financial accounts with a strong and unique password and two factor authentication. (Keeping your email secure is one of the most important things you can do and if you use Gmail, you get extra credit and the highest level of security by signing up for the Advanced Protection Program).
7) Monitor your financial accounts on a regular basis.
8) Keep your computer OS up to date and practice good computer hygiene, i.e., avoid downloading viruses or clicking unknown links.
9) Do not access your financial accounts from public networks like the wifi at a coffee shop or hotel.
Bonus points:
10) Do not save your financial usernames and password in your browser's password manager. I know it's convenient, and I used to do it myself, but it is a security risk because anyone who gets access to your computer will have all of your usernames and passwords that will be conveniently auto filled when they go to your financial sites. Instead, use a dedicated password manager to keep your usernames and passwords secure that requires a separate login and use two factor for the password manager and choose a password manager that supports physical U2F security keys (the most common brand is Yubikey) as the second factor.
Extra bonus points
11) Access your financial accounts from a Chromebook or a Chromebox only (i.e. using Chrome OS).
If you follow those steps you will be very, very safe and you will avoid virtually all of the risks that you can control. Beyond that, there is little you can do.