This not only provides easy pickings for common thieves, it also provides an entry key to corporate systems for opportunists, hackers or competitors.
The PDA Usage Survey 2003 commissioned by Pointsec Mobile Technologies and conducted by Infosecurity Europe and Computer Weekly has found that PDA owners commonly download the entire contents of their personal and business lives onto their handheld computers – with many leaving the information unencrypted and without password protection.
Sensitive information commonly stored unprotected on PDAs includes corporate information, bank accounts, credit cards, social security numbers, inland revenue information, business and personal names and addresses, with a third also storing their personal passwords and PIN numbers without using the PDA’s password function to protect this information!
Forty one percent are using their PDA to access their corporate network with a quarter of them bypassing the password function. Fifty seven percent do not encrypt the corporate data held on their PDA making it relatively easy for an unauthorised person to use the PDA to access a corporate network and assume the identity of the user.
Identity theft is now such a problem that the UK government has just announced that it is to draft new legislation to create two new specific offences to make it easier for police to make arrests. According to Home Office Minister Beverley Hughes, speaking at the recent Combating Identity Fraud Conference, ID fraud costs the country more than £1.3 billion every year and takes the average victim of identity theft 300 hours to put their records straight.
The most notorious place for losing a mobile device such as a phone, laptop or PDA is a taxi (40%) closely followed by bars, restaurants and nightclubs (20%).
Over 40% of people have lost a mobile phone and a staggering quarter have lost a laptop or PDA or both and yet almost half of people don’t bother insuring their PDA and just a feeble 2% insure the information held on them.
Despite surveys, such as this one, identifying the high risk of mobile devices being lost / stolen, it appears that 73% of companies still do not have a specific security policy for mobile devices.
Although many PDA users are unaware of the security implications of using their PDAs they clearly see the importance of backing up their information, with over 80% taking the trouble to do this. Interestingly, users that sign onto multiple networks with their PDA are more security savvy than the average user as they are twice as likely to use a password to protect their PDA.
For some of those who had lost their PDA, the consequences were traumatic, with comments including:
“I thought I had lost my right arm and when I found it two days later, all was calm and normal again.”
“I had to warn all my friends that their addresses were on there, especially the single females who lived nearest the bar from where the PDA was stolen. I hadn’t been using the password function, so I now try and remember to lock my PDA.”
“I had to buy a new one and change all my online passwords.”
The PDA Usage Survey has been conducted for the second year to find out how people are using their PDAs and whether they are protecting the information stored on them. The survey has been conducted among 283 business personnel of which 42% are working for corporate organisations employing over 1000 employees.
The survey found that the top 10 functions people use their PDAs for are:
As a business diary 85%
Store business names and addresses 80%
Store personal names and addresses 79%
As a personal diary 75%
For entertainment – games/music etc 48%
Create documents/spreadsheets 35%
To store passwords/PIN numbers 33%
To receive and view emails 32%
To store bank account details 25%
To store corporate information 25%
Magnus Ahlberg – Managing Director of Pointsec Mobile Technologies said “The survey shows that people are now clearly using their PDAs as a business tool, but are unaware of the serious implications should their PDA end up in the wrong hands. It takes merely seconds to synchronise information from a PDA using a laptop or PC if it is unencrypted and not password protected. Alternatively, with the development of Wireless Lan technology, a competitor or hacker could just sit in the coffee bar next to your office and get access directly into your corporate network. Therefore it is imperative to encrypt all information held on PDAs.”
One last interesting statistic – 33% of those people included in the survey, said their main job function was “IT Director or IT Manager”.
You can download a free White Paper from their site: "Enterprise security for mobile computing devices":
"Enterprise security plans must now assure the protection of data residing on mobile computing devices. But the inherent lack of physical access controls on mobile devices creates special challenges that must be resolved to provide effective and practical security. This paper will help security officers and staff of large organizations seeking to protect sensitive data on mobile computing devices."