Though personal handhelds have long been used in offices, a recent survey shows that a large majority of them contain a significant amount of business-related information. What makes IT managers break out into a cold sweat is the thought that most handheld users simply do not secure the information on their device, despite numerous applications being available to do this.
The second annual PDA Usage Survey, which was conducted in the U.K. for Pointsec Mobile Technologies by Infosecurity Europe and Computer Weekly, revealed that 85% of handheld users keep company-related events on their handheld’s calendar. And 80% keep business names and addresses in it. This is a higher percentage than enter their friends and family into their handheld’s address book.
The survey also showed that 35% of handheld users keep documents and speadsheets on their handhelds and 33% keep track of their passwords and PIN numbers with it.
What should give corporate IT managers insomnia is how few handheld users properly secure the sensitive information they carry around with them everywhere. According to the survey, 57% do not encrypt the corporate data on their handheld.
And the majority of these people probably aren’t breaking company rules by carrying around all this proprietary information unsecured. The survey also showed that 73% of companies do not have a security policy for handhelds. One of the major reasons for this is most of the handhelds aren’t being provided by the company. People buy the devices for themselves, then bring them to work and fill them with company information.
The risks are increasing as wireless networks become more common. The PDA Usage Survey showed that 25% of the people who accessed their company network with their handheld stored the network password on the handheld. A stolen Wi-Fi-enabled handheld set up like this could be used by almost anyone to access a company’s Wireless Network from the parking lot.
Handheld Security 101
Both Palm OS and Pocket PC devices have basic password protection. What’s an open secret in the industry is that this can be broken with relative ease. That’s why there are a plethora of third party applications for both platforms that provide much more robust security.
The strongest security is provided by application like movianCrypt, which can encrypt all the data on the handheld. This means the data is changed into a format that can’t be read without an encryption key.
Applications like this are targeted towards the enterprise and an individual might find them somewhat expensive… and possibly overkill. While many might not carry around national secrets in their iPAQ, the PDA Usage Survey showed that a third of handheld users store their passwords and PIN numbers on their device and a quarter of them keep their bank account details on it. These people should consider applications like SplashID or eWallet, which use encryption to protect users’ credit card numbers, passwords, bank account numbers, etc.
Far too many people don’t bother to secure the information on their handheld because they believe “It can’t happen to me”. But it can. According to the Pointsec survey, almost a quarter of handheld users have either lost or had their handheld stolen. Everyone should take a look at what they have stored on their handheld and what the consequences would be if it fell into the hands of a malicious stranger.