On a Mac:<p>Get up to very most recent OS X. A dot release in OS X disabled Firewire while the machine was sleeping, which is important because Firewire is basically a thin veneer around direct DMA access to system memory.<p>Enable FileVault. Unlike the feature that used to be called FileVault, modern FileVault is block-level AES-XTS encryption. (Before FileVault, my recommendation would have been to buy PGP WDE).<p>Tell the system to forget its key during sleep; the most recent rubber chicken to wave for this appears to be "sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25".<p>Power down your machine whenever you can; don't just shut the lid.<p>Buy Knox.app from AgileBits, which is a nice UI on top of the VFS-level block AES encryption OS X does. Create virtual disk drives for each of your clients, or each of your projects, or whatever. Create another for your mail; create another for personal documents. Give each a separate key (you'll rarely have all of them unlocked or need to use all of them). Do not store the keys in the Keychain.<p>Copy ~/Library/Mail's contents to the virtual disk you made for Mail and then replace ~/Library/Mail with a link to that disk; now, you'll need to have that virtual disk unlocked to read your mail.<p>Disable sharing; make sure every box in "Sharing" under Preferences is unchecked.<p>Enable the firewall and block all incoming connections; Preferences->Security->Firewall, Enable, Options->Block All Incoming Connections.<p>Get GPGTools and GPGMail (the most recent official build supports Mt. Lion nicely). Install them, and use GPG, from your Mac only, to send mail.<p>Do not supply your GPG private key to <i>any</i> service, ever.<p>Uninstall Dropbox. Sorry. Dropbox is fantastic. We ban it wholesale.<p>Though we can't use it for a variety of contractual reasons, I highly recommend Colin Percival's Tarsnap for backup.