Most industries believe their data to be highly sought after, none of it is particularly true. I work in health care, and people are paranoid about data security. Not because of hacker threats, but because there are criminal penalties for failing to secure data in accordance with the mandated standards. The pertinent standard for HIPAA compliance that I have to deal with most is ISO 27001. which goes so far as to require internal communications to be encrypted as well. PCI standards don't even go that far. The reality is that randoms care about money, and your data is only valuable to them if they can get paid for it. They aren't likely to steal your data and sell it, they are likely to encrypt your data and make you pay to decrypt it. In this case, the government will recommend that you pay them to get your data back, learn your lesson, and move on. The only time you really need to be concerned about somebody wanting your data is if your data includes credit card numbers in bulk (thousands of them), or if you've made an enemy who is personally after you.
For the OP, it seems like you've recently become aware of the real threats that exist in the interconnected computing world, and it's freaking you out. A person with little compouting background reading articles about this stuff is like a hypochondriac reading WebMD. If you are really concerned about cybersecurity, find the applicable security standards that are required for your industry, and either implement them yourself, or pay an outside company to do it. If you use 3rd party for things like email, just make sure they are certified to those standards. Resorting to TOR to browse the web, or getting rid of your smart phone is paranoia more than security. If it's government you're worried about then turn off your computer, if they want to get in you cannot reasonably stop them. TOR is traceable if they really want to, they've demonstrated this before. Frankly, lawyers have the least to worry about from government, because government actually respects confidentiality for lawyers, not true for many other professions, like doctors. They won't come after you unless you give them a reason
Remember, you don't have to figure this all out yourself, somebody who knows what they're doing already has, and has auditable security standards defined for your industry. If you're really concerned about it, hire a firm like KPMG to audit you, remembering that it's a full time job to work with auditors