How do you handle mobile security?
Handling security on Windows Mobile Devices is a two-fold process of securing the device, which concerns just about every personal user of a handheld device and the network it resides on(whether it be a cellular connection, home or work network, USB or bluetooth connection to your PC). For the Enterprise user an extra step is needed to allow secure access to your corporate network and mail server through certificates,VPN, etc. In a corporate environment policy should play a key role in securing your Windows Mobile devices. Basically one way to do this is copy your laptop and mobile pc policy and replace those words with handheld devices and then the toughest part - actually following that security policy.
Secure the Device:
It comes with a simple PIN password and it even asks you for a password when you first set it up and I am sure most people don't want to be hassled when it comes to accessing their device to enter a PIN everytime they use the device with the addition of QWERTY keyboards on more and more devices this becomes a much easier task than it has been in the past. You can also adjust the timeout feature when a password is needed again. Another added benefit is that a password is needed if someone tries to connect your Windows Mobile device to a computer.
It is highly recommended to go one step beyond a simple pin to a more secure password (and if you have a password policy for your corporate PCs follow the same thing with your handheld devices.
You can also now encrypt your storage card with Windows Mobile 6. The caveat being if you remove the card and wish to use it elsewhere you have to remove the encryption. Also if you hard reset your device you will also loose access to the card since the encryption key is stored on the device.
There are several third party applications out there that allow you to encrypt your Windows Mobile device as well as manage the security on them remotely like Credant Mobile Guardian.
Secure your Network:
If you access the internet via your cellular service you are pretty much at the mercy of their security layers. Some carriers do have encrypted data channels so if it is a major concern of yours be sure to ask your carrier if they provide this.
Secure your WiFi use the highest level of security available to your device. Even though the Windows Mobile OS now supports higher levels of WiFi keys it doesn't mean the device does, only if it has drivers for the NIC to run as such. Most people have figured this out the hard way and blame MS from the get go, when the manufacturer, OEM, and reseller of the product have a larger hand in the blame game with this respect.
Secure your Bluetooth connections via pairing your devices with PINs and turning off "Make this device visible to other devices" to reduce the chance of a snarf attack.
Mostly managed by the policy of your device and network, you can control access to your network and installation of applications via certificates.
There are now several anti-virus programs out there to scan and keep your mobile device safe. There are currently no big threats for Windows Mobile devices, but it can't hurt to have that extra layer of defense when there is one.
Security is a series of layers, like armor the more you have the more you should be protected, but it also has to be a policy that is not only set, but followed to prevent loss of devices in cabs, airports, hotels, etc from being security risks.