Today, mobile systems such as smartphones and tablets are full-blown computers. You can use them to connect to corporate networks and to produce, consume and share content. Therefore, these devices need to be treated like computers. You need to deploy and maintain security software, such as anti-malware and anti-virus software. You need to use encryption for storing data on the devices and for sending and receiving data, especially with the corporate network.
You need to apply your organization’s standards and security policies, when applicable. For example, you need to ensure that the devices are running the latest version of the software and have the latest patches. To deploy and maintain the devices with a secure configuration, you need centralized management software so you can report on vulnerabilities and risk, and manage devices in bulk or with automation.
At the device level, you need to require screen locks, strong authentication and encryption. You need to be able to remotely lock and wipe devices in the event a device is lost or stolen. Even with these things in place, you should restrict mobile systems to non-sensitive data, so they can’t read or store PII or other confidential information.