"US-CERT recommends the following best practices to help protect mobile devices:
Maintain up-to-date software, including operating systems and applications;
Install anti-virus* software as it becomes available and maintain up-to-date signatures and engines;
Enable the personal identification number (PIN) or password to access the mobile device, if available;
Encrypt personal and sensitive data, when possible;
Disable features not currently in use such as Bluetooth, infrared, or Wi-Fi;
Set Bluetooth-enabled devices to non-discoverable to render them invisible to unauthenticated devices;
Use caution when opening email and text message attachments and clicking links;
Avoid opening files, clicking links, or calling numbers contained in unsolicited email or text messages;
Avoid joining unknown Wi-Fi networks;
Delete all information stored in a device prior to discarding it; and
Maintain situational awareness of threats affecting mobile devices.
Anti-virus software exists for some mobile devices, which is one component of a layered defense. However, it can only assist in protecting against known threats. Users need to understand the threats and proactively take steps to avoid them. A high degree of vigilance is necessary to successfully prevent and mitigate future threats to mobile devices."
Source: US-CERT Technical Information Paper, TIP-10-105-01 April 15, 2010 [PDF]