I don't think there's a real answer to this. Some users are still using High Sierra. IMO, if its a home machine then I think one can minimize risk if:
- as you said, keep using the latest Chrome or Firefox (since Safari will no longer get updates)
- Use Thunderbird instead of Mail since Thunderbird is still being updated down to Sierra
- Use secure dns like Cloudflare, Quad9..etc
- Maybe install a paid for malware program like Bitdefender. Now I don't think this is necessary but like I said minimize risk
If its a laptop and you use it outside the house I would then include:
- Don't trust free access points. Use you own or pay for a personal hotspot on your phone or a standalone device
- VPN like Proton VPN, Mozilla VPN, Private Internet Access..etc
The best would be to update to Big Sur (or the next) but then that's not always possible or convenient. I can't use my 2011 MBP on Big Sur and above via OCLP. They will run but there's just too many compromises that I'm not comfortable using it. Another advice would be to buy the next step old mac like a 2015 MBP which is Monterey supported. Good luck to you and to all of us who use Catalina.