It also doesn't hurt enabling your firewall if your operating system has one by default or installing one online. A trusted antivirus software is MalwareBytes. Always pay attention to security alerts and keep your operating system up-to-date.
First let's talk about malware. Whenever you're downloading anything online it's wise to scan it before installing it. A free website that will scan your files through 50+ trusted antiviruses for free is Virustotal.com
Another known form of exploitation is social engineering. You may have seen spam emails from time to time where people claim they need your help and ask for some sum of money, promising to return a lot more later on.
Of course this is just the simplest form of social engineering - it can get much more sophisticated than that.
Never be gullible online, always make sure you've confirmed the person you are talking to online is really who you think they are, not an impersonator.
And remember, if something sounds too good to be true, it usually is.
Last but not least, a less known method of explotation is by using leaked databases.
Every now and then, hackers manage to find back doors to websites and access their databases, usually containing personal information like users names, e-mails, passwords, IP-addresses etc.
This information is then sold to leaked database collection websites where regular people can purchase subscriptions to get access to these leaked databses.
An easy way to check if your information has ended up on a leaked database collection is on a website called haveibeenpwned.com
Remember to AWLAYS use a different password on each website, that way if one of your passwords get leaked, it can't be used to log into another website you are registered on.