Re: Maybe this isn't so bad.
Was thinking exactly the same, even as I very much enjoyed the humour. Of course all this is dreadfully obvious... and equally obvious is that fact that despite having been able to read exactly the same advice from every imaginable source for the past decade or more, people still don't bother to take even the simplest and least invasive precautions analogous to keeping their homes' doors closed when they've stepped out (never mind locking them). Although criminal actors will undoubtedly raise their game if everyone did, there would still be less of this sort of crime overall as the laziest and least competent criminals would be forced to the sidelines and the remainder forced to work harder.
I don't know why Google are bothering, though; their company's brand is so untrustworthy that it's impossible to imagine anyone who has ignored the likes of CERT, IEEE, The New York Times, and the Bank of England is going to read this Google report and suddenly decide to implement rudimentary security measures. For the rest of us who might have welcomed a serious threat intelligence report, Google are more likely to be included in the threat model than the solution space. As the saying goes, they're more on the supply side of crime. Accordingly, they've left out an equally obvious and important aspect of information security they'd rather you not consider: choosing your tools and suppliers wisely.