Some people need will really to continue using Windows 7 after support ends on January 14th 2020. This will be for mission-critical purposes, such as operating machinery or static equipment. If this is the case you should ensure that the PC is completely isolated from the Internet, with both inbound and outbound connections blocked.
To achieve this, search in the Windows 7 Start Menu for Firewall and run Windows Firewall with Advanced Security when it appears in the search results. From the main Advanced Firewall screen, click the Windows Firewall Properties link, and you can set the state of both inbound and outbound connections to Block, making sure inbound connections is set to Block all connections. You should make this change for all three network types, Domain, Private, and Public.
You can then allow connections to devices and PCs on your local network, though please remember to only grant access to devices that Windows 7 machine really needs access to, as a malware infected computer or device could then transfer that malware to the unprotected and unpatched Windows 7 PC.
To allow access to your local network, click Outbound rules and then in the right-side panel click New Rule. Choose the Custom rule type and under the Scope link on the right side of the wizard, add the local IP address, or addresses, or the IP address range you wish to grant access to.
At the next screen, Allow the connection optionally choosing to allow it only if the connection is encrypted between the computers at both ends. Set the rule to only apply to Private networks, and save the rule. You will now be able to access resources on your local network using Windows 7, but any inbound and outbound traffic to and from the Internet will be automatically blocked.