It is quite possible for a computer to be set up so that it can be controlled by another computer. This can be very useful if you want to control a network of computers from a single computer, or to run something your office computer while working from home. TeamViewer is an example of such software used by businesses https://www.teamviewer.com/en/
If you have a network of Raspberry Pi computers you might use Virtual Network Computing (VNC) and Secure Shell (SSH) https://www.raspberrypi.org/documentation/remote-access/ssh/
This works well provided that the connection is secured by strong passwords, but all to often weak passwords or the default passwords are used and the connections for remote access are left open even when no longer needed. The result is an open dorrway for criminal access to your computer, and in the worst case the criminal can read all your files, run any software and behave as though they were sitting at your desk.
Other open doorways can be created by remote access to databases, where the computer itself may be strongly protected and secured, but the database access allows the criminal to inject commands into a valid database transaction. This may allow the criminal to download all data, edit data, or simply delete selective items - or complete tables in the database. Any developers making use of databases must know how to block all such attacks before they get anywhere near a live database. It is very easy to make mistakes, and equally easy for the knowledgable criminal to probe online databases looking for the open doors.
Sometimes criminals making phone calls will try and persuade you to open remote access to them in the guise of fixing non existent problems. Once they have gained access they can do whatever they like with your computer and its data.