A proper understanding of the threats, and realistic mitigation of those threats through a solid network architecture, are much more important than most simple fixes. Here are some myths...

1) Creating a secure environment is easy - Security is a process, to be evaluated on a constant basis. There is nothing that will put you into a "state of security." Unfortunately, many people seem to believe that simply applying some hardening guide or software to a system will make it secure.

First, consider any of the recent worms: all of them exploited unpatched vulnerabilities, and not one of them would have been stopped by any security settings.

Second, settings rarely stop real attacks. Settings make a few things harder to do, but in general, networks do not get attacked through settings that can be turned off. There are a few exceptions, but overall security is not an on/off switch.

2) If we hide it no one will find it - Simply hiding things, such as renaming the Admin account or turning off SSID broadcasting, does not provide true security. These measures are only an added layer that can help against the casual hacker but not a competent one. Do not rely on this type of measure as your main security.

3) Admin rights are just fine - The reason for running as non-admin is to limit your exposure as much as possible. When you are an administrator, every program you run has unlimited access to your computer. If malicious or other "undesirable" code finds its way into one of those programs, it also gains unlimited access.

4) The internet is my only risk - You can get infected from more than just the internet: friends, work, etc.

