For most people, they don't need all the 'security' features we've seen coming with Windows of late... drive encryption and such.
It adds complexity and fragility to the system, and one little slip-up (forgetting your encryption passphrase) means you lose all the data on the drive... it's still there, but you can't access it... it's as good as gone.
Most people have a secure physical location (their home), the machine is in their presence when it's being used and is otherwise either shutdown or in sleep mode with a password required to access it, there's little chance of the machine being stolen or used by unknown persons, and the machine owner doesn't have information that's so security-critical that drive encryption is necessary.
The greatest threat, then, is peripheral... via wired or wireless connections, whether that be bluetooth, WiFi, NFC, etc. One needs perimeter security to keep out malicious code (generally taken care of by the security features built-in to the OS) and malicious actors (generally taken care of via firewalls and passwords).
If you've enabled PPPOE-on-machine on your computer so it's got a WAN (Wide Area Network) IP address, and you've not enabled the software firewall, you're at greatest risk... your machine is wide open to the greater internet.
If you've got a NAT (Network Address Translation) setup where your modem or router contains the PPPOE settings and has the WAN IP address, and the machines behind that router have LAN (Local Area Network) IP addresses, and you've got the hardware firewall on the router enabled and the software firewalls on the machines behind that router enabled, you're far safer than the prior example.
My setup:
Internet
<-->(WAN IP Address xxx.xxx.xxx.xxx) Modem
(192.168.1.1) <--> (192.168.1.2) Wired Router
(192.168.10.1) <--> (192.168.10.2) Wireless Router
(192.168.100.1) <--> computers
(192.168.100.x)
The modem has a rudimentary firewall to keep out others on the same wire (cable modems are a shared-bandwidth connection), the two routers each have hardware firewalls, and the computers each have software firewalls.
You'll note each device has two IP addresses (except for the computers at the end of the line)... a WAN IP address and a LAN IP address. That's what NAT does, it translates one IP address to another. I've merely given the WAN IP address interfaces on the routers LAN IP addresses in the 192.168.x ranges.
That, combined with a firewall on each device, makes it much more difficult for bad actors to access your machine remotely.