First, I would not use the Bluetooth headsets if the risk of eavesdropping is unacceptable to your organization. There is an excellent video by Josh Wright of Inguardians Inc. in which he demonstrates the dangers of using a Bluetooth headset. I would also recommend becoming familiar with the tools that can be used against your phone's Bluetooth capabilities, including penetration testing suites like Bluediving.
It is also important to train corporate employees to use caution when using their phones. Tell them, for example, to be wary of the websites they surf. Your corporate Web policy should mention that company phones should not be used to access questionable websites. Your users should also be careful to not lose their phones or leave them unattended.
You should also attempt to train employees that carry corporate phones to use some discretion. There have been many times where I have overheard seemingly sensitive conversations because people are talking loud enough for everyone in the airport terminal to hear.
This was first published in April 2009