Everyone is a target. Rarely is it personal.
Most people/computers are compromised at random. The overwhelming amount of untalented cyber criminals are just moving as fast as they can to spread code written by someone else that somehow makes them money.
Step 1: Accept that fact.
The first thing you need to do to protect yourself online is accept the fact that you do have something of interest. Everyone does. The image above is almost 5 years old, but it is still very very relevant.
Step 2: Accept that your phone holds sensitive information and is also a computer.
Your mobile device, from an attacker's perspective, is not much different from any other internet-connected device. However, mobile devices also happen to be where most people store their most personal information. The image above also applies to any modern phone.
Step 3: Quit moaning about passwords. Use a password manager.
One of the most prevalent "cyber security" issues today is that so many people use the same password for everything, because they have way too many passwords to remember. Using a password manager will generate strong passwords for you, and not require you to remember any of them. Using the same password for everything means that as soon as (notice I did not say if) your password has been made public, every online account that has that password will be compromised within days, and you likely will have no idea that password was ever made public.
Step 4: Enable 2-Factor/Multi-Factor Authentication.
I understand that it can be hindering to wait an extra 30 seconds to log into your account, but when someone else gets a hold of your credentials, they will still not be able to hijack your accounts.
Step 5: Stop ignoring those updates.
Yes, it is almost always at an inconvenient time when you get that annoying pop-up that prompts you to run updates. Just do it. It will go a long way in keeping your private information private.
You need to accept the fact that you do have to take steps to protect yourself. Even these basic steps alone will significantly reduce your risk online, and they do not require you to be a tech genius. I will post resources for 2FA and password managers at a later time. Image source Brian Krebs