Precautionary security measures for a home user? (firewall, antivirus, etc)

Good questions.

Aside from those apps, updating regularly, and downloading from trusted sources only, should I be taking any other precautions?

Not really. Don't run random commands, especially those mentioning sudo, that people might give you on the web, unless it's a trustworthy source or you know what it does.

Beyond that I think the main thing you want to be careful with is web security, eg not typing your facebook password into random other web sites.

Update rigved wisely suggests installing security-oriented browser plugins: Adblock Plus, HTTPS Everywhere, Noscript and WOT. (rigved also says Tor, but I'm not so sure about that, because Tor has major security risks that make it a bad default for most people.)

Update2 Do not use the WOT browser plugin, as it has serious privacy concerns: https://thehackernews.com/2016/11/web-of-trust-addon.html . Thanks to DJCrashdummy for pointing this out.

Must I do anything more with gufw other than checking enabled or are the default settings (incoming : deny, outgoing : allow) sufficient?

That should be fine.

Do I have to manually turn on gufw everytime and enable it (and keep it open)? Everytime I open it the enabled checkbox is unchecked.

It actually does stay enabled after you quit, but bug 850468 makes it looks like it's not enabled, until you authenticate.