How to protect ERC20 Tokens

I'm new to this area and I don't know how exatly it works. Can someone explain to me how to protect Tokens from a contract? For example, I have a contract with the function transfer (from address, to address, uint256 value). Anyone who has my contract ABI and address can call the function and transfer the tokens from [0](contracts owner) to the recipient's wallet ?