1. Usually I don't advice to install an antivirus on an Android smartphone, however if it's being used for banking, it's better to use one. For free you get can't get any better than Sophos Intercept X with it's well distributed protection modules and being fully free and adfree. A great paid alternative is Bitdefender Mobile Security
Sophos Intercept X includes modules like Malware protection, Web filtering, Link checker, App protection, Wi-Fi Security, Privacy Advisor, Security Advisor, Secure QR code scanner, Password safe, Authenticator and Mobile Threat Defense.
2. Use mobile data instead of Wi-Fi when connecting to banking apps.
3. Enable device location & install anti-theft application to remotely delete information if device gets stolen
4. Use features available above: Applocker, Multi-factor authentication, Permissions checker
5. Use strong passcode for unlocking your phone, disable face detection (less secure)
6. Better not to use a rooted device, uninstall any un-trusted modded APK's.
7. Check if the banking app is automatically logging you off when not active, use SMS authorization option