Even though most companies — both large and small — don’t provide PDAs to their employees as industry forecasters once predicted, many people frequently use their personal devices as work tools, often connecting them to the company network.
If your organization hasn’t considered PDA security before, this is the time to do so. As often-forgotten pieces of the security infrastructure, PDAs can both transmit and receive viruses.
PDA Security Concerns
If you plan to let your employees use PDAs and connect them to company desktops, you should absolutely institute security policies and hold the employees accountable for compliance. Security policies describe rules of behavior and configuration guidelines that employees and administrators must follow.
Without them, it’s hard to hold people accountable. In fact if you don’t provide your employees with any security guidance for their PDAs, you can’t expect them to even consider the security issues.
PDAs and smartphones share many of the same vulnerabilities that affect laptops. The most predominate vulnerabilities include:
- Viruses, Trojans and worms
- Theft of the physical PDA device
- Data theft
- Mobile code exploitation
- Authentication theft
- Wireless exploitation
- Denial of service attacks
- TCP session hijacking
While more likely to be virus carriers rather than targets of directed attacks, PDAs can be identified and attacked by hackers through automated port scans.
Though the likelihood of a directed attack may not be high now, as Wi-Fi and CDMA (cellular) wireless access becomes more available, these types of attacks will likely increase. When used in standalone mode and not connected to any type of network, PDAs are not vulnerable to direct attacks.
Device theft poses one of the biggest security risks with PDAs. Thieves are probably more interested in the device for their own use rather than obtaining the data.
Still, any sensitive data (classified information or propriety trade secrets) should be encrypted. While most PDAs don’t come bundled with encryption software, you can purchase applications that will encrypt just about anything.
TIP: If you want to increase the chance of someone returning a lost PDA, put your phone number in a visible location on the outside of the device. If your PDA or smartphone is password protected, no one else can use it. That fact — combined with the phone number — might be enough motivate someone to give it back.