1. Configure mobile devices to be secure

• Enable auto-lock.
• Enable password protection and require passwords.

2. Avoid using auto-complete features to remember usernames or passwords

• Ensure that browser security settings are configured appropriately.
• Enable remote wipe.
• Ensure that SSL protection is enabled, if available.

3. Connect to secure Wi-Fi networks and disable Wi-Fi when not in use

• Disable remote access features not in use such as Bluetooth, infrared, or Wi-Fi.
• Set Bluetooth-enabled devices to non-discoverable to render them invisible to unauthenticated devices.
• Configure and enable VPN clients software.
• Avoid joining unknown Wi-Fi networks.

4. Backup your device on a regular basis

• Use backup software on a desktop or sync’ing services to insure you have access to data when you may no longer have access to the device or need to restore.
• Configure backups to be encrypted.

5. Use anti-virus programs and configure automatic updates if possible

• Install anti-virus software as it becomes available and maintain up-to-date signatures and engines. Alternatively scan devices periodically by connecting them to a computer with anti-virus software.
• Do not download applications from untrusted sites.

6. Use an encryption solution to keep data safe in transit

• If confidential data must be accessed or stored using a mobile device enable encryption options.
• Be aware of the encryption options available for your mobile devices.
• To avoid data storage consider using thin client models so that data is centrally and securely maintained. 

7. Update mobile devices frequently. Select the automatic update option, if available.

• Maintain up-to-date software, including operating systems and applications.
• Run only manufacturer approved firmware or operating systems.

8. Take appropriate physical security measures to prevent theft or enable recovery of mobile devices

• Use tracking software or features.
• Never leave your mobile device unattended.
• Report lost or stolen devices immediately.
• Change any passwords stored on or remembered by the device immediately.
• Remember to back up data on your mobile device on a regular basis.

9. Use appropriate sanitization and disposal procedures for mobile devices

• Delete all information stored in a device prior to discarding, exchanging, or donating it.
• Inoperable devices should be physically destroyed before disposal.

10. Consider the effects on privacy of use and configuration

• Consider the impact of using services that share or collect location and/or personal data.
• Consider the impact of the information you share and whom you share it with.
• Consider activities you may feel are inappropriate to conduct from mobile devices.

Original document: OIT Mobile Security.