Formally, OPSEC is identifying critical information and determining whether friendly actions can be observed by enemies, and/or whether or not information obtained by enemies could be interpreted as useful to them[1]. In the Age of Information™, OPSEC often means something a little different. When referring to OPSEC as it pertains to online/digital safety, it means any information that can be used to identify/trace you, especially sensitive information such as your address or banking details.
While it's important to harden your device security, improving your OPSEC is a great way to protect yourself from malicious entities who may want to use your information to scam, blackmail, or otherwise harm you. Often, they will use this information to manipulate you into giving away your sensitive information or to gain access to important files/databases/servers that you may have access to. Occasionally, these entities will seek to compromise your entire system (be it your phone, computer, or any other device which has a wireless connection) either to hold it ransom or add it to a botnet. Good OPSEC will also help prevent you from losing access to any user accounts you might have. If you'd like to learn more about common attack vectors, see this page.
Well I'm glad you asked! There's a lot of things you can do, but let's start with the two most important ones: improving your internet literacy, and modifying your online habits. What does that mean? Exactly what it sounds like! Your literacy is essentially your awareness- what you know about technology, the internet, and all the bad actors therein. In essence, the more you know, the easier it is to make recognize when something is misleading, dangerous, or fake. Additionally, your knowledge may help make your online experience more comfortable to you, as you'll have more tools at your disposal. Your online habits are, well, how you interact with the web! This includes things like VPNs/Proxies, firewall rules, and browser add-ons/extensions. Good online habits also includes clearing your browser cache semi-frequently. It's also important what browser and search engine you're using- each one may do something different from the next! If you'd like to learn more about these services and different kinds of browsers/search engines, check out this page!
One last thing that a lot of people overlook, and I'd consider it the next most important thing to consider after the things we've just discussed above, is password management. Many people reuse the same username/password combination across multiple accounts, which means if someone gets one of your account's credentials, they might very well have them all. On top of that, oftentimes while those passwords may be considered "strong" by the website's standards, to any hacker worth their salt, they're easy to guess. This is because a lot of people make passwords with some sort of meaning like their birthday, or using common words which can easily be guessed by what is referred to as a "dictionary hacking" tool. The strongest passwords are ones that involve a variety of characters and are truly random. It's also important to update your passwords semi-regularly, at least for your most important accounts such as those for your banking partner or medical provider. Set a reminder! People also tend to readily trust password managers or the password cache in their browser-
While there are some good password managers out there, if you look for them, saving a password to your browser is asking for someone to steal them. Why? To put it simply, anyone who you let use your computer and anyone with access to your browser data will now know those passwords. The password cache is a prime target for any attacks that target your browser directly. Attackers may also steal saved passwords using autofill data. If you'd like to learn more about passwords and account safety, see here.
You can never perfectly protect yourself from attacks, but improving your OPSEC lowers your risk of being compromised.