Security Basics for PDAs and Handheld PCs

By Laura Taylor | Posted August 27, 2004
Even though most companies — both large and small — don't provide PDAs to their employees as industry forecasters once predicted, many people frequently use their personal devices as work tools, often connecting them to the company network.

If your organization hasn't considered PDA security before, this is the time to do so. As often-forgotten pieces of the security infrastructure, PDAs can both transmit and receive viruses.

PDA Security Concerns
If you plan to let your employees use PDAs and connect them to company desktops, you should absolutely institute security policies and hold the employees accountable for compliance. Security policies describe rules of behavior and configuration guidelines that employees and administrators must follow.

Without them, it's hard to hold people accountable. In fact if you don't provide your employees with any security guidance for their PDAs, you can't expect them to even consider the security issues.

PDAs and smartphones share many of the same vulnerabilities that affect laptops. The most predominate vulnerabilities include:

  • Viruses, Trojans and worms
  • Theft of the physical PDA device
  • Data theft
  • Mobile code exploitation
  • Authentication theft
  • Wireless exploitation
  • Denial of service attacks
  • TCP session hijacking

While more likely to be virus carriers rather than targets of directed attacks, PDAs can be identified and attacked by hackers through automated port scans.

Though the likelihood of a directed attack may not be high now, as Wi-Fi and CDMA (cellular) wireless access becomes more available, these types of attacks will likely increase. When used in standalone mode and not connected to any type of network, PDAs are not vulnerable to direct attacks.

Device theft poses one of the biggest security risks with PDAs. Thieves are probably more interested in the device for their own use rather than obtaining the data.

Still, any sensitive data (classified information or propriety trade secrets) should be encrypted. While most PDAs don't come bundled with encryption software, you can purchase applications that will encrypt just about anything.

TIP: If you want to increase the chance of someone returning a lost PDA, put your phone number in a visible location on the outside of the device. If your PDA or smartphone is password protected, no one else can use it. That fact — combined with the phone number — might be enough motivate someone to give it back.

Continued on Page 2


Page 1 of 2

 
1 2
Next Page

Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date