It sounds like you're relatively safe, but of course, the only way to be 100% protected is not to connect to the internet. There are two considerations, really:
1) Drive by malware attacks, people hoping to infect as many people as possible. Unfortunately, this is not necessarily restricted to suspicious links. It's not unheard of for legitimate sites to be compromised and used to spread malware. Similarly, advertisements can redirect to pages designed exploit vulnerabilities (sometimes in the browser, but more often in some plugin such as java, adobe reader, flash, etc) to execute code on your machine.
2) Hackers targeting you, specifically. This is preeeeeeetty unlikely, unless you stand out as a higher up employee of a company, which increases your value as a target slightly. Targeted attacks are becoming more common, and if you run a company, it's possible that people will attempt to use public information (think LinkedIn profiles, company registries, etc) to socially engineer you into opening that dangerous pdf, or visiting that exploit laden website.
To sum up, it's not just dodgy third party browser addons, naughty sites and cracked software that will get you. Remember to keep your legitimate browser plugins etc patched up, or better yet, disable them if you're not using them. Disable javascript if you're not using it. NoScript is a pretty great extension for Firefox, and there are similar ones for other browsers. It allows you to whitelist sites that require javascript, and you can block everything else. Disable the java plugin if you're not using it. Adobe Reader is the most commonly targeted PDF reader, so consider doing your reading in another PDF reader.