I would suggest that you set up an AppArmor profile for whichever browser you're using. If you're doing online banking you should configure Firefox to use NoScript and only whitelist the websites you use.
A combination of Firefox with NoScript and AppArmor is likely the best defense for online banking.
If you us Google Chrome make sure you go to Content Settings and disable Javascript - only enable it for websites you use. Also disable plugins, set all plugins to Click To Play.
Make sure you keep your operating system and your browser up to date. There is no level of security that can protect you from an unpatched system.
If the system is off it can't read info from the USB.
I suggest installing TrueCrypt and using it to store any and all information that's sensitive/ confidential. Create a strong password of at least 12 characters and possibly store a key file on the USB drive as well (useful if an attacker pulls the encrypted info, but not the key file, or if the encrypted info is on the USB put the keyfile on the disk).
Depending how crazy you want to get into it you can start to create your own AppArmor profiles for any other programs you've got installed. You can also look into patching your Lubuntu with GRSecurity/ PaX but this is somewhat tedious, you have to weigh the cost and rewards yourself, I don't know how secret your system needs to stay.
For Windows:
Make sure you stay up to date. Check your OS for updates daily, and every second Tuesday of the month there's a large set of patches. Make sure you keep your browser, plugins, PDF reader, document viewer, etc all up to date.
Disable any services (go to services.msc) that you don't use (be careful here, always look up what a services does before disabling it). For example: if you don't print you can disable the spoolsrv service, which handles printing and has been exploited.
Make sure that you're running EMET (here is a guide I've written to set EMET up ) and that you protect all internet facing profiles. Follow the guide and you should stay secure. Potentially turn DEP, SEHOP, and ASLR to Always On to ensure your system makes use of security mitigations.
If you can move to Windows 8, and you don't mind the interface, I recommend doing so. It's more secure than Vista/ 7. If you're still on XP you should understand that trying to protect your system against a determined attacker is virtually futile without completely overbearing policy etc. It's outdated and can't be secured easily, move to at least Windows 7.
I can't think of much else.
Bookmarks