It is well known hackers, the NSA, CIA and other groups have created malware to secretly turn on your webcam and microphone on your phone, tv etc.. But fortunately on our computers and laptops we have some options.
Most webcams use the "uvcvideo" kernel module / driver. You can disable this in two ways on boot. I recommend both just as a failsafe.
Disable it on rc.local once your system boots automatically
Add the following to /etc/rc.local:
Even if the kernel module was loaded during boot this will unload it.
Disable it from loading at all in blacklist.conf
Now of course note a hacker who gains access as root/admin could still load this driver and spy on you but it is a reasonable amount of privacy. To increase security you should use electrical or duct tape over your microphone and webcam itself.
As a more invasive mode you could also edit your initramfs and kernel not to even contain the driver (but the issue is that on kernel upgrade the uvcvideo driver will be back).
You could also use a cronjob like this every minute:
*/1 * * * *
This would try to unload the driver every minute just in case something malicious did activate it again.