First, protect your device with a password lock. (If you don't know how to do this, check your manual, or one of the how-tos posted by Cornell University IT.)
Consider setting up two-step authentication to make changes to your device settings.
Enable the auto-lock function, so if the device has been idle for a time (5 - 10 minutes is advised), you have to enter the password to access it.
Keep your device's operating system(s) and browser(s) updated, ditto apps that you use often.
Only install apps from trusted sources.
Use anti-virus / anti-malware protection on all your devices, if available.
Back up your devices regularly.
Audit your apps to make sure they are not accessing information that isn't essential.
Don't allow websites or third parties to access information that isn't essential (don't allow them to use your location, and be selective about allowing cookies).
Set up emergency contact (including important medical information that an EMT might need quickly) so that they can be accessed when the home screen is locked -- look for directions to set up medical ID and emergency contacts for your brand of mobile phone. But then, make sure that your other contacts and other personal information is behind a password.
When signing up for something on the web, be sure that:
If you use your personal devices for work purposes, follow all updates and cautions that your workplace requires or recommends rigorously.
When it is time to replace or discard any device that once held any kind of personal data - your phone or laptop, but also iPad or tablet, digital camera, media player or game device, external hard drive or ISB (thumb) drive - be sure that data is deleted securely. It may not be sufficient to just "delete" files.
Don't connect to insecure networks, and don't auto-connect to wifi.
Turn off wifi and Bluetooth when not using them (this will also extend battery life).
If you backup regularly (and you should), also set up the ability to wipe your device remotely if it is lost or stolen.
Check the settings for all apps installed, and (if possible) don't allow them to stay running in the background, or to access to your information (like your Location) when not in use.
If an app needs to stay running, or to push information to you at anytime, or to constantly track your location by GPS, research the provider to see whether you think you can trust them before you allow that. Do: