I use several free apps from Objective-See, a tiny security shop owned by former NSA programmer Patrick Wardle, whose current day job is at Jamf. (Because the free apps are so useful to me, and updated regularly, I contribute to Wardle’s Patreon page.)
OverSight sits in the background and gives me pop-ups to confirm when an app takes control of my mic or camera (you can accept, deny or permanently whitelist).
Once a month or so I run KnockKnock, which looks at and shows all third-party plugins (and update agents, scripts, and browser extensions), broken down by category, and examines them to see if any contain VirusTotal-specific information about the file, and flags bad or unknown items. I also use BlockBlock, which is basically a real-time KnockKnock - it sits in the background and asks you to confirm when such persistent objects try to install themselves (which is not uncommon during app installs).
And every couple of weeks I also manually run the free version of Malwarebytes. (You get the full version for an x-day free trial, which does real-time monitoring and protects against your drive getting encrypted for ransomware - then it reverts to the manual-only free version after the trial expires.)