Keep macOS up-to-date and all your software. If your Mac is too old to run either the latest macOS or the previous macOS it is time to buy a new Mac. You should get approximately 7-8 years out of Mac before that happens. Apple rarely releases security updates for N-3 which is Big Sur currently.  They made an exception recently because of a rather serious security flaw that Apple fixed.

When setting up a new Mac, create a purely administrative account as the first account. Then use that account to create the user accounts.  Consider not granting admin rights to the user accounts.  This will prevent malware from gaining administrative privileges. This goes a long way to protecting you and when you do need to enter the admin ID/PW it's not terribly tedious.  Just think twice before you do input that admin ID/PW.  

Use strong passwords of 12-20+ characters in length. 
https://xkcd.com/936/ (no joke, it's very serious)

Use the Keychain suggested strong passwords

Turn on iCloud Keychain.

Resolve any compromised passwords ASAP

Consider a 3rd party password manager (not one that was hacked like LastPass)

Be careful entering your passwords in a public space. This especially applies to mobile devices. Use FaceID / Touch ID instead of typing in your passcode / password.  Set a stronger password on the mobile device lock screen which is more than the 4-6 numeric passcodes.  If someone observes you entering your passcode and steals your iPhone they can steal your AppleID and log you out of all your other devices and add or change your recovery key and you may never regain access to your account again.  They also have whatever you put in iCloud so your backups, Apple Pay, documents, etc. If they also stole your Mac at the same time they could probably unlock it using their access to your iCloud account.

Only install software from trusted sources such as the App Store or a vendors main website and never from download or shareware sites.  Think twice if the software is not signed by an Apple Developer.  

DO NOT PIRATE SOFTWARE! It is a very common to find malware payloads inside pirated software.  You provide your admin password during the installation and now you are hacked. Like buying a car with a cat burglar hiding in the trunk waiting for you to park in the garage and go to bed.
Educate yourself about social engineering, phishing, smishing, and scareware tactics.  Be suspicious always. 

Never allow someone to remotely control your computer unless they are fully vetted and trusted. Like your help desk or your techie friend.  But never a stranger even if they claim to work for Apple.

Any communications that use emotion such as fear, lust, greed and / or have a sense of urgency should be considered an attack by hackers or scammers.  Don't fall for it.  This includes phone calls. It also includes websites that throw up frightening errors and warnings to trick you into calling the number on the screen.

Construct a backup strategy and follow it. At the very least attach an external drive and enable Time Machine. it is by far and away the absolute best backup solution for the uninitiated. It's automatic set it and forget it for the most part.  Others are Carbon Copy Cloner or SuperDuper. Some people use a combination of them.  You can also consider cloud storage services or an online backup like Backblaze.