Users put businesses at risk by not securing PDA information

As the business use of personal digital assistants continues to grow, many organisations are risking the loss of commercially...

As the business use of personal digital assistants continues to grow, many organisations are risking the loss of commercially sensitive information. A new survey has shown that users are failing to secure the data contained on their PDAs.

The survey of 283 business people commissioned by Pointsec and conducted by Infosecurity and Computer Weekly found that the most popular use of PDAs is as a business diary and address book.

This contrasts with the findings of last year's survey which showed that PDAs were most often used to store personal and communication details.

The survey also found that of the 40% using their PDA to access their corporate network, 25% of them bypass the password function. Additionally, nearly 60% fail to encrypt the corporate data held on their device.

More than 25% of those questioned admitted to having lost either a laptop or a PDA. The most notorious place for losing a device is a taxi (40%) closely followed by bars, restaurants and nightclubs (20%).

The latest conclusions suggest that PDAs have established themselves as everyday business tools in the workplace, but that their owners are not taking the threats they pose to company security seriously enough.

"The biggest headache for IT managers when it comes to adopting PDAs is asset management - not in terms of keeping tabs on numbers, but in terms of using adequate security and encryption," said Andy Brown, programme manager for mobile computing at analyst firm IDC.

The business case for PDAs is becoming so strong that some companies may be willing to accept a potential security risk in order to reap the benefits PDA use can bring to the workplace, Brown said.

"In some industry sectors PDAuse definitely improves employees' work rates and managers will overlook security issues," he said.

However, at Britannia Airways, project manager Eddie Marsden-Jones sees a PDA security policy as vital. "Security considerations must go hand in hand with a technology roll-out - in our example, we would never have got the business case signed off."

Marsden-Jones has recently overseen the roll-out of 1,800 Casio EG-800 PDAs to cabin crew to be used as electronic point of sale terminals and in-flight communication devices.

He said that while staff are encouraged to make personal use of their PDAs, access to corporate data is closely regulated.

"We can control what corporate data is made available on the PDAs and how long it will stay on the devices. We also use control access software from RSA Securities. Users not only have to memorise a four-digit password but they must also insert a key fob that generates new passwords every second."

Read more on IT risk management