* Create awareness throughout the organization that regulated data on mobile devices should be just as protected and secured as other sensitive and confidential information.
* Make sure security policies include guidance on what employees should be doing to protect the regulated data on the mobile devices they use.
* Conduct a data inventory of sensitive and confidential information to understand what regulated data is on employees' mobile devices.
* Understand who is accessing regulated data through mobile devices and for what purposes in order to increase visibility of people and business processes.
* Consider data-centric protections for personally owned devices.
* Consider investing in technologies that specifically address the regulated data risk. These include mobile device management, mobile DRM and mobile application management.