Steps you can take to increase security for your PDAs
PERSONAL digital assistants ("PDAs") such as Smart PDA, BlackBerry, Palm Treo, Windows Mobile, and other mobile devices are everywhere in Hawaii's business landscape.
These useful devices are smaller than a laptop, but may contain the same level of sensitive information in the form of e-mail address books, text messages and spreadsheets.
Many larger companies have taken steps to secure and manage handhelds used for business. However, there are many organizations that may not be paying enough attention to this matter, making security breaches likely.
There are basic steps that both individuals and businesses should take to safeguard PDAs and the information stored in each device.
» Individuals: Keeping your device physically secure is the simplest security measure you can take. Never leave your device lying around in the open, especially while traveling. Invest in a case which keeps your PDA physically attached to you or in your brief case or purse.
Leaving your device in the pocket of a jacket or in a side pocket of a carrying bag makes it an easy target for theft.
Make use of your PDA's built in keyboard lock and password functionalities. This will help prevent unauthorized access to sensitive files and your company's network. The built-in PIN or password feature may not be hacker proof, but it will discourage casual access to your device.
Keep the data stored in your device secure by encrypting, creating passwords or setting file permissions for sensitive data.
Remove any data from your PDA once the data is no longer needed.
Try to delete e-mails once you have read them; most PDAs have the option to delete the message on just the handheld and leave a copy in your personal or corporate mailbox.
» Organizations: Ultimately, organizations should take responsibility for PDAs when they are used for business purposes.
Issue formal written policies and establish guidelines for the appropriate use of such devices. Educate employees on the value and sensitivity of the business data they may be carrying.
Offer a user training course for the most popular devices and include basic security procedures and policies.
Identify all handheld devices used by employees for business purposes.
Evaluate the devices to ensure that the PDAs comply with the organization's current technology.
Issue standard builds so only the organization's authorized applications and security software is in use.
Deploy these applications and software in a manner which makes it easy for the employee to install.
If there are a large number of employees with personal PDAs, consider the benefits of replacing the work force's personal units with company-issued devices. The cost in materials and monthly charges may be minor compared to an unmanaged information breach due to a lost device.
Depending on the choice of vendor, centralizing your mobile-device management may even enable remote deletion of lost or stolen devices.
Individuals with PDAs should increase their level of awareness concerning the amount of sensitive data stored on their device.
Organizations should centralize and formalize their policies, management and administration over handhelds to decrease overall risk of security breaches and leaks of sensitive data.
Take simple precautions to protect such data in the event a PDA is lost or stolen.
John Russell, is Honolulu manager of consulting services for Grant Thornton LLP. He can be reached at firstname.lastname@example.org