2. Keep up with Apple firmware updates. Apple's well-publicized flaw that allowed access to the address book via the emergency call mechanism was repaired, but only if you applied the patch. Unfortunately, Apple requires the use of desktop tools for firmware updates: Users must run Apple Software Update on their Mac or PC to grab them from iTunes when they become available. I think that's poor design, especially when BlackBerry and Android demonstrate the ease with which OTA updates can be performed. In an enterprise setting where OTA firmware updates aren't possible, IT should send iPhone users a broadcast SMS alerting them that they need to dock to iTunes to load an urgent fix. When running iTunes at a work desktop is forbidden by policy (as it should be), easy access to IT-controlled update stations should be arranged.
3. Put your iPhone on a leash. Keeping your phone with you provides the only impenetrable shield against theft or tampering. A comfortable, fashionable holster that suits your style makes it less likely that you'll nonchalantly toss your phone in your bag when you leave the house. Don't choose a jacket pocket, a backpack compartment, or any container from which you walk away. In the same vein, don't let anyone borrow your iPhone. Even your best friend could leave your iPhone, take out his curiosity on your device, or get hoodwinked by a malicious hacker. Treat your iPhone as you do your wallet.
4. Secure your iTunes host. Your PIN affords you little protection if someone gets hold of your computer. That's because your PC or Mac keeps a complete image of the flash memory in your iPhone. From this recovery image, a skilled hacker could read all of the data on the phone. It only takes a few seconds to move that firmware image from your disk to a thumb drive. And it takes little time or skill to replace that image with one that can reflash your iPhone's firmware with something nasty. The smartest way to go is to keep your iPhone backups on your own thumb drive. This makes automatic restores and updates slightly more challenging, but it's worth it.
5. Don't jailbreak your iPhone. The iPhone jailbreak process purposely disarms the mechanisms that Apple created to protect your data. With App Store, a trusted party tests and vouches for the software, and Apple can trigger an uninstall of an app if a risk is discovered later. The protections offered by open source projects --multiple contributors, readily viewable code, and a central location for comments and fixes -- don't exist in the jailbreak world. I'll grant that jailbreaking an iPod Touch or a retired iPhone can be good fun. Relying on a jailbroken iPhone as your primary mobile device is idiotic.
It's so quick and easy to jailbreak an iPhone that it takes a minimum of social engineering to trick a trusting user into bypassing Apple's built-in guard against modified firmware. It's a simple sell: By holding down one key while clicking Restore, you don't waste time waiting for new firmware to download from Apple. Don't fall for it. Always download firmware directly from Apple.