As the business use of personal digital assistants
continues to grow, many organisations are risking the loss of
commercially sensitive information. A new survey has shown that
users are failing to secure the data contained on their
PDAs.
The survey of 283 business people commissioned by Pointsec and
conducted by Infosecurity and Computer Weekly found that the most
popular use of PDAs is as a business diary and address book.
This contrasts with the findings of last year's survey which showed
that PDAs were most often used to store personal and communication
details.
The survey also found that of the 40% using their PDA to access
their corporate network, 25% of them bypass the password function.
Additionally, nearly 60% fail to encrypt the corporate data held on
their device.
More than 25% of those questioned admitted to having lost either a
laptop or a PDA. The most notorious place for losing a device is a
taxi (40%) closely followed by bars, restaurants and nightclubs
(20%).
The latest conclusions suggest that PDAs have established
themselves as everyday business tools in the workplace, but that
their owners are not taking the threats they pose to company
security seriously enough.
"The biggest headache for IT managers when it comes to adopting
PDAs is asset management - not in terms of keeping tabs on numbers,
but in terms of using adequate security and encryption," said Andy
Brown, programme manager for mobile computing at analyst firm IDC.
The business case for PDAs is becoming so strong that some
companies may be willing to accept a potential security risk in
order to reap the benefits PDA use can bring to the workplace,
Brown said.
"In some industry sectors PDAuse definitely improves employees'
work rates and managers will overlook security issues," he said.
However, at Britannia Airways, project manager Eddie Marsden-Jones
sees a PDA security policy as vital. "Security considerations must
go hand in hand with a technology roll-out - in our example, we
would never have got the business case signed off."
Marsden-Jones has recently overseen the roll-out of 1,800 Casio
EG-800 PDAs to cabin crew to be used as electronic point of sale
terminals and in-flight communication devices.
He said that while staff are encouraged to make personal use of
their PDAs, access to corporate data is closely regulated.
"We can control what corporate data is made available on the PDAs
and how long it will stay on the devices. We also use control
access software from RSA Securities. Users not only have to
memorise a four-digit password but they must also insert a key fob
that generates new passwords every second."