Isn't the easy solution to suggest the following? I've only been thinking about this for less than 2 years but it's good practical advice. Maybe not enough for Bitcoin community celebrities, but def enough for no coiners and regular plebs. Maybe step 0 run malware scanner or do it all in Tails.