WHAT'S HAPPENING?
Symantec ran a test to see what happens when a smartphone is lost and collected by someone other than the owner. The results are concerning. An overview and a link to the full report is available at http://www.securityweek.com/symantecs-honey-stick-experiment-shows-what-happens-lost-smartphones

WHAT DO YOU NEED TO DO?

A best practice is to set a passcode on your smartphone and set it to automatically engage after a preset amount of idle time. This is a requirement if the smartphone contains sensitive or highly sensitive GT information as defined in http://www.oit.gatech.edu/sites/default/files/DAP.pdf. A good primer on sensitive data is available at support-tools/pnp/Sensitive%20Data%20Security%20Primer.