I'll explain in a little more detail.
Normal backups: your phone encrypts your backup data with a key samsung has, samsung then stores the key.
This is easy and always allows you to recover your data, since samsung has the key. You can't lose the key. Downsides are samsung if they wanted, can access your backup data, they wouldn't, but they could. If someone hacks samsung, they could take the key to the data. If some legal proceeding forces samsung to give up your backup data, they can unlock it.
Backup with enhanced data protection enabled: your phone generates a key, encrypts the backup data with that key then sends the backup to samsung. Samsung has no way to tell what the data is or decrypt the data, only you can.
This means only you can access the data, no matter what samsung or any legal thing does, the backup data on samsung servers cannot be read unless by you. The downside is if you lose the key your phone generated, the data is lost forever.
Now backup is explained, onto the physical phone stuff.
Since every country technically has a way to legally unlock your phone, a second phone is the only true way to keep privacy. It's a kinda extreme measure though since it costs due to needing a second phone.
Also if you're thinking of using samsung secure folder, that can be accessed either by law or a hack device, so don't try that as an idea.
To clarify, random people can't hack your phone, there are companies that create phone hacking devices and only sell them to police and governments. So while I say all this is possible, it would never happen unless some government or police said so.
In terms of general device protection. Use a long pin or password as the unlock method. If using a pin, don't have it auto unlock without pressing ok. Having to press ok means attackers don't know the pin length.
Have auto blocker on set to max, if on the beta, enable advanced protection too.
In the google part of settings, delete your advertising ID and turn off diagnostic data for google and samsung within your phone.
Make sure to make full system backups using a pc. In the smart switch app you can enable extra backup security, backup to a pc you own, now you have a secure local backup.
If security is your worry, google offers the advanced protection program. You need physical hardware keys to enable it. It basically locks your google account to only login if you physically prove it's you with a usb device