Fewer than 10 percent of organizations have a formal and comprehensive mobile security policy. Organizations must develop a security policy appropriate for the type of device and the information it contains. Mobile security policy should be consistent across all mobile devices, including USB storage, PDAs, smart phones, laptops, and kiosks. Restricting certain types of data from mobile devices is an acceptable method to minimizing risks. For example, secret data may require twofactor authentication and encryption, though public data is okay without any password protection.”]
Source: https://www.csoonline.com/article/2118547/crafting-a-mobile-device-security-policy.html