The following are some specific and easy-to-take steps to begin securing your mobile devices:

• Educate your end-users.  Explain the importance of the data contained on their laptops and that it is their responsibility to keep them secured.

• Prepare, plan, and prepare some more.  With mobile devices, it is not a question of if it will happen, only a question of when. Plan for incidents of all types, establish clear and organized procedures for dealing with losses, and have contingency planning for security breach incidents if they occur.

• Get a cable lock for laptops.  Require users to lock them down if they leave them anywhere.

• Consider some form of third-factor authentication for your laptops.  Use biometrics, smart cards or tokens.

• Implement strong passwords on all your computers, using at least eight (preferably ten or more) digits with a mix of numbers, letters, capitals and special characters. And yes, words in the dictionary, common names, and the name of your company should be out.

• Enable a software-based firewall and/or intrusion prevention on laptops, such as:

  • Internet Connection Firewall (included in Windows XP)

  • Symantec Client Security

  • Cisco Security Agent

• Enable virus protection on all mobile devices.  It is now available for PalmOS and PocketPC based devices.

• When installing a wireless LAN, turn on the basis WEP and MAC security features, turn off the broadcasting of the SSID; it’s simple to do but most wireless routers are shipped with all security turned off as the default setting.

• Treat all WLANs as you would any public network; use access controls and authentication such as VPNs, certificates, firewalls, and IDS or IPS on WLAN segments.

• Create a written inventory of all cell phones, PDA’s and other handheld units, recording the serial numbers for the devices and their memory cards.