As advances in personal digital assistants (PDAs) and smartphones have made them as powerful as desktop computers, employees are purchasing them in greater numbers and connecting them to their employers' computer systems. According to a survey conducted by TNS NFO (formerly NFO WorldGroup), 86 percent of employers knowingly permit these employee mobile devices, yet nearly the same number - 83.6 percent of employers - have failed to set usage guidelines for these devices, leaving their computer systems vulnerable to malicious code attacks and information theft.
Employees are not any more aware than their employers of the threat their mobile devices pose to computer systems. The survey also found that 74.6 percent of employees that use personal mobile devices either do not have, or do not know whether they have, any security protection on their PDAs or smart phones.
"Businesses worry a lot today about front-end attacks from hackers and how to stop them," said Tom Goodman, vice president of operations for Bluefire Security Technologies, the firm that commissioned the survey. "However, they have not paid very much attention to the equally dangerous back-end threat coming from employees connecting their high-powered handheld devices to their enterprise networks."
Serious risk exists when an employee places a mobile device into an in- office cradle, because the device is recognized by the company network as a trusted user and given clearance to access mission-critical information behind the network security protection. A business competitor could then gain free access to a company's entire database, and a sophisticated hacker could enter a corporate network through the device and use it to plant a computer program that would send information back to the source, undetected for an extended period of time.
The survey polled users of handheld devices from a weighted sample of Internet-connected households. In addition to the findings regarding the business use of employee handhelds, the study also found that consumers store vulnerable confidential information on their devices:
Nearly 40 percent of PDAs and smart phones contain credit card numbers.
More than 25 percent store incomes.
Approximately 19 percent reveal health problems.
Love letters reside on approximately 17 percent of PDAs and smartphones.
Only 9.5 percent of respondents, however, thought they would be embarrassed if someone stole any of this confidential information and posted it on the Internet.