Use your phone less. Install as few apps as possible. Default to skepticism about “free” things: software development is very expensive.
Have good hygiene when it comes to giving out your number: avoid providing it to random companies, and rotate it every now and then. Maybe get a “virtual” number (Google Voice is a good one, but not available in the UK; it takes about an hour to set up something similar for yourself using Twilio, and it costs 70p/month.)
If you’re on Android, have a throwaway Google account that you use only for your phone, but don’t really have any personal info in (no cloud sync, no Gmail, no calendar.) If you’re on iOS, don’t hand out your real information.
Try to have some good hygiene when it comes to handing out personal data. When a random website asks for your name, do you need to give out your real name? Post code, phone number?
Personally, I have a couple “personas” I hand out to services like Google. That makes it more difficult for them to track me across sites. There’s an entire market for personal information of individuals for bad purposes. I would not volunteer any more information than strictly necessary.
You know the drill. Don’t trust publicly accessible WiFi. Use a VPN if you must. That being said, VPN companies are almost all shady businesses with questionable practices (hall of shame: NordVPN, ExpressVPN, HideMyAss, Private Internet Access, ProtonVPN.) Many of them sell snake oil, with no ability for users to verify their claims. I host my own VPN, which is easy enough to do, but the third-party one I recommend (buddy of mine works there) is Mullvad.
Consider how cheap it is to hijack a WiFi network.
Don’t hand out your email address to any random person/service who asks. Rotate addresses, so that it’s harder to track you across services. Use something like Spam Gourmet and Mailinator to get throwaway addresses.
Don’t depend on domains freely given by companies, as that locks you in with them. Get a domain of your own, so you can switch between providers, and even potentially host your own.
Don’t reuse passwords. When a website gets hacked (more often than you’d think,) hackers take snapshots of the user credentials table, and try to reuse them on other sites. Not only that, some services (such as Facebook in its early days) do that themselves: they have your email address and password, they’ll try to use them to log onto different services.
Try entering your email addresses on Have I Been Pwned.
Consider how hackers can use your email credentials.
Use a password manager, such as Bitwarden, 1Password, or Lastpass (I’ve used all of them at some point, and they’ve all been audited for strong cryptography.)
Use multi-factor authentication. I personally use a Yubikey.
Avoid pulling out your credit card when in public: even cellphone cameras have more than enough zooming capabilities to pick up the slightest details from far away.
Have an RFID-blocking wallet to protect from skimmers.
Have separate throwaway bank cards. Monzo and Privacy.com, among others, allow you to do that.
Some very good principles on Richard Stallman’s website. He used to be seen as a paranoid person, but every year that passes, he’s been turning out to be more and more correct.
A good first article to read is his “How I do my computing”.