As handhelds and smart phones are increasingly being used in offices, these devices have become a significant source of risk for companies.
According to a survey conducted recently by market research firm TNS NFO, 74.6 percent of handheld or smart phone users either do not have, or do not know whether they have, any security protection on their device.
TNS NFO sets the blame for this primarily on the companies. Most employees aren’t using their devices behind their bosses’ backs. The survey found that 86 percent of companies allow their employees to carry handhelds and smart phones, yet nearly the same number – 83.6 percent of employers – have not set any kind of guidelines for these devices.
“Businesses worry a lot today about front-end attacks from hackers and how to stop them,” said Tom Goodman, vice president of operations for Bluefire Security Technologies, a company that develops mobile and wireless security solutions and which commissioned the survey. “However, they have not paid very much attention to the equally dangerous back-end threat coming from employees connecting their high-powered handheld devices to their enterprise networks.”
A mobile device that is connected to a corporate network can be a source of significant risk to the company. A stolen Wi-Fi-enabled handheld without proper security could be used by almost anyone to access a company’s Wireless Network from the parking lot.
Many PDA users also keep sensitive information on their devices when they take them home, opening up the risk of this information falling into the wrong hands if the device is lost or stolen.
Handheld Security 101
Both Palm OS and Pocket PC devices have basic password protection. This is probably good enough for people who don’t want their phone list or love letters becoming common knowledge. However, it doesn’t do any good if it isn’t used.
Some people carry more private information. The TNS NFO survey showed that nearly 40 percent of handhelds and smart phones contain credit card numbers. These people should consider applications like SplashID or eWallet, which use encryption to protect users’ credit card numbers, passwords, bank account numbers, etc.
The strongest security is provided by applications like movianCrypt, which can encrypt all the data on the handheld. This means the data is changed into a format that can’t be read without an encryption key. The Bluefire Mobile Firewall protects handhelds from hackers while they are connected to public wireless networks. Applications like these are targeted towards the enterprise, and an individual might find them somewhat expensive.