Don't carry over your ATM PIN to be the same as your unlock screen PIN. Please make them different numbers, or better yet use a passphrase or complicated pattern, with pattern visibility turned off. We tend to look over our shoulders when we're entering our PIN to purchase something or to withdrawal money from an ATM, but we're often less careful about looking over our shoulder when we're quickly responding to a message or e-mail. Sadly, it might be determined by the smudge and oil on your fingers on which numbers you are using, although not necessarily the proper order to unlock your device. One fix in the past has been to randomize the placement of the numbers so the smudges are not consistent every time you unlock your device.
Please set some sort of lock on your phone, even if its four digit number and the numbers are always in the same place. One of the reasons for this is to keep out casual snoopers, not necessarily a total defense against a hacker. People around you might want to access your personal information or email or social networks, or just go through your data to cause drama. Most people can remember at least 5 numbers in sequence, (867-53....) if not more, so the old way of a four digit PIN isn't the greatest way to secure a device, if you have other options, consider them.
The reality of passwords is that ones that are not complicated are the highest risk of being guessed by a brute force attack. One of the most popular attacks is called a dictionary attack, where someone has a really big hard drive (or access to a large network database) where it just tries a password one at a time, through the millions or billions of combinations needed until it either figures it out or gives up. Right now ( 2015 ) a person can pick up a hard drive at Walmart that holds trillions of bits of information. Dictionary attacks are becoming a common security risk reality. Computer repair techs have used them legally to unlock a computer with a lost password for customers, so owning the dictionary database is often legal, only using it for malice is illegal. This isn't legal advice, but owning the dictionary alone might not be a crime depending on where you live. That's scary.
On mobile devices with removable storage, the storage itself can often be removed and read easily by anyone with an adapter and a laptop computer. On Android cell phones, you can often just pop out your microSD card to drag and drop some music onto it from your computer. Sadly, there may be other information saved on that microSD card that could be copied off, which is a risk if someone else gets ahold of your phone and pulls the microSD card out.
Newer phones often have the ability to encrypt storage including the removable storage. If you're worried about someone being able to pull out and access your memory card, consider enabling this feature. It's going to slow down your phone, but depending on how fast your phone is, you might not notice. It's typically a one way trip to encryption. If it slows your phone too much, you might have to reformat the SD card and start over again, often times needing to reinstall many of your phone apps. For most people, if there's not much private information your phone, it might not be worth encrypting if it's going to cause your phone to be difficult to use. You have the potential for an app to store a password in plain text inside a file on your memory card, if its been designed poorly. With millions of apps, with millions of programmers, its possible one of your apps might do that. Take that into consideration.
If you're going to need to secure private banking, health, or intellectual property data, you might consider hardware encrypted devices, which if configured correctly are much more difficult to break with a dictionary attack. You can find some of these devices on Amazon and other online retailers.
Computers themselves sometimes offer either software encryption or hardware encryption. Just like a mobile device, enabling encryption can slow down your system, and its often difficult to switch back to a non-encrypted system without starting over.
No amount of encryption is going to make you immune to social engineering, which was used by famous hackers in the past. In a scene of the recent movie, “Jack Ryan: Shadow Recruit”, an intelligence agent was tricked into giving away his password. This is more common in the personal and business world. There's almost no reason you'd ever have to verbalize your password over a telephone call, so if someone calls you demanding a password, even politely asking, its most likely a scam.
Remember to Keep Backups
If you're a techie, you can do some research on enabling RAID storage for your systems. RAID configuration is way beyond the scope of this website, but its something good for a geek to know.
One important point to note here is that if you are securing your backups with the same password as your main system, if someone figures out your main system password, they could wipe out both your main system plus your backup, leaving you with nothing. It's advisable to use a separate, distinct password for your backups.
If you're relying only on Cloud backup, just remember that things can happen that lead to corrupt files or accidentally deleted data. Don't assume that your Cloud backup is always going to work perfectly. I'd strongly recommend you keep a physical backup if you can do so securely. Obviously, if you have no way of keeping your physical backup safe, you have to weigh the benefits versus the risks, which is something only you can figure out on your own.
Apple computers have a mostly automated backup system called Time Machine which is great to enable if you have a USB hard drive or a wireless hard drive. If your Apple data is encrypted, the encryption should carry over when using Time Capsule. There are numerous solutions for Windows computers but I'll let you research that on your own. Just remember that even with Time Capsule, if your backup is located in the same building as your originals, it's at risk of being lost. A fire or flood could cause both the original and backup to be damaged or destroyed, leaving you with no copy of your data, unless you placed it on the Cloud, or you have a secure copy in another location.
If you choose to carry your data on a USB drive, you need to decide if you want to keep it encrypted (which I would suggest if you're carrying around any financial or medical information). If you're planning to keep a USB drive in your pocket, take into consideration that not all thumb drives can handle long exposure to heat, humidity, or exposure to water. If you're going to keep your backup data with you, please select a well-reviewed, rugged solution. Here are some examples.