Everybody has a smartphone these days. Not everyone is a smart user. If you are a consumer, with a device that doesn't touch your corporate email, chances are your device is not secure. In the corporate space, Mobile Device Management is the tech du jour. If your corporate IT department hasn't sent some lockdown stuff to your device, they will shortly. Huffington Post had a nice layman's article due to the recent mobile phone hacking in the UK at:
Below is an article from Huffington Post on securing your mobile. Fairly high level. I would add:
I'd add that if your device doesn't have a PIN lock, don't put crucial or sensitive information on it.
A basic password lock screen will block a lot of attacks on your device, if you don't have physical control of it. Also, enabling a PIN on your voicemail blocks a long-known issue with a lot of the wireless carriers in the US. Neither of these is going to stop a security professional, however. A couple of tips:
Install a remote wipe utility - if you lose your phone, leave it in a taxi, etc., you can remove the data and wipe the device. Be sure you are using a backup app as well, so that you aren't re-entering contacts. iCloud or a Google account should do the trick if you are set to synchronize contacts.
Encrypt the data. Go to the App Store for your specific device and search for encryption. Find something that encrypts the data while the device is locked. As a veteran security professional, I have a hard time getting through an encrypted device; one with just the screen locked is a piece of cake when it is tethered to my machine, with my tools (hence having physical control of the device, as the article says). You can, alternately, find apps that encrypt the vital data: email, contacts, calendar, etc.
Don't use your ATM PIN. If you lose your purse, leave the phone somewhere with your wallet, etc., and someone is able to determine your lock code, they will likely try it as your PIN.
Don't use the last 4 of your Social Security number. You recite it, type it, give it out to your cable company, phone company, etc., any time that you are verifying your account. Don't use your birthday, your wife's birthday, your husband's birthday, your kid's birthday, your gay, nubile, Tanzanian sex toy's birthday or your mother's (especially if she is one of those already listed).
Be diligent. If it looks like something has changed on your device, change your lock code. Change it anyway. Like a password, change it every month or so. When you change the Brita Filter, shave your legs, get paid, whatever other event gets your attention every month or so.
Install an anti-malware app from the app store. It should look for known fake apps, spurious activity, and the like. Type in "security" or "malware" in the app store. Look for one well reviewed.
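The lock-code rules above (no ATM PIN, no last 4 of the SSN, no family birthdays) can be checked mechanically. The following is an added example, not part of the original post; it assumes a 4-digit lock code, and the function names and sample values are made up for illustration.

```python
from datetime import date


def date_codes(d):
    """All 4-digit codes a date is commonly turned into."""
    mm, dd, yyyy = f"{d.month:02d}", f"{d.day:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    # MMDD, DDMM, YYYY, MMYY, YYMM, DDYY, YYDD
    return {mm + dd, dd + mm, yyyy, mm + yy, yy + mm, dd + yy, yy + dd}


def check_lock_code(code, atm_pin=None, ssn_last4=None, birthdays=None):
    """Return the reasons a lock code breaks the rules; empty list means it passes.

    birthdays maps a label ("me", "spouse", ...) to a datetime.date.
    Assumption: the lock code is exactly 4 ASCII digits.
    """
    if not (code.isascii() and code.isdigit() and len(code) == 4):
        return ["not a 4-digit code"]
    problems = []
    if atm_pin is not None and code == atm_pin:
        problems.append("same as ATM PIN")
    if ssn_last4 is not None and code == ssn_last4:
        problems.append("same as last 4 of SSN")
    for who, born in (birthdays or {}).items():
        if code in date_codes(born):
            problems.append(f"derived from {who}'s birthday")
    return problems


if __name__ == "__main__":
    # Constructed sample data, not real values.
    family = {"me": date(1975, 3, 9), "spouse": date(1980, 7, 14)}
    for candidate in ("1407", "4821", "6789", "7390"):
        found = check_lock_code(candidate, atm_pin="4821",
                                ssn_last4="6789", birthdays=family)
        print(candidate, "->", found or "ok")
```

Run it locally only; the inputs are exactly the secrets the tips tell you to keep apart from your lock code.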