http://www.computerworld.com/action/...icleId=9000996

1. Educate users on the importance of security and ways to avoid the loss of their mobile devices and laptops.

2. Be sure password protection is set to "on" for all mobile devices. Most come with some built-in password protection, and higher levels of access security can be added through third-party applications.

3. Install a mobile management system that enforces reasonable data security policies on the widest possible range of mobile, wireless devices.

4. Determine which files can and cannot be downloaded and by which users, and enforce these rules through any means available, including port locking, protecting the company's most sensitive and regulated data from exposure.

5. Encrypt either individual files or the entire contents of the mobile device, depending on the organization's security needs, both for transmission and storage of sensitive information on mobile devices.

6. Enforce connection/VPN security standards for all transmissions to mobile devices to ensure transmission security.

7. Require active firewall protection and virus protection on all mobile devices and update the firewall and virus protection regularly through downloads from a central server.

8. Enable device lockdown and "kill" functions so that, for instance, if a device does not connect to the corporate network for 24 or 48 hours, or if it does attempt to connect after being reported missing, it automatically wipes the data in its memory clean.

9. Log device use to access any data defined as sensitive in regulations or otherwise considered sensitive by the organization (for instance, corporate financials, research results and customer data).
The above is a snippet from a 3 page article....