"don't just think you're safe just because you have the right tools." - exactly.

This reminds me the quote from Bruce Schneier: "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."

And yes, my first recommendation for the people is to educate themselves and others. Cyber awareness. However, I sometimes got the question about the "top" (tech) thing what the non-tech people could do for better protection. In addition to the education. Something which helps with preventing the common attacks. Some quick-win or low hanging fruit. Obviously, we cannot expect that 1, 3, 10, or hundreds technical countermeasures will stop all attacks. However, with several simple things, we can help people to prevent or at least recognize lot of common attacks.