by David J Wallace
Less is more to Fred Hann and the eight road-weary employees who have shifted from laptop computers to Handspring Visor handhelds and cellular phones. “Getting rid of our laptops got rid of a lot of headaches,” says Hann, chief auditing officer at Recovered Capital Inc. in Columbus, Ohio, which reviews phone bills for major corporations. “Now, for someone to compromise a client’s data would take more than a simple accident.”
Recovered Capital used to store its clients’ sensitive data directly on employees’ laptops. Now that all of its PDAs can access data remotely, the company no longer needs to store any information locally — and doesn’t risk losing it. To change the way it stores and secures information, the company turned to sales-force automation service Upshot.com. This Web-based service stores all of Recovered Capital’s client data and makes it available to employees 24 hours a day via their PDAs and cell phones. With its handhelds and new security measures in place, Recovered Capital’s employees have less to lose, and the company estimates it has seen a 50 percent increase in efficiency — without hiring more workers.
Like Recovered Capital, many small companies with old 20th-century security policies now need to reconsider how to work with a new generation of communication devices. Handhelds may be more mobile than desktops and notebook PCs, but their portability and connectivity offer unique security challenges. How will your company meet them?
Tom Devaney has a lot to lose. As the owner of Rubarb Communications, a computer consulting firm based in Ludington, Mich., he has to keep in touch with all of his customers. Devaney accomplishes this by storing all his customer data on his Palm V PDA. One misstep and all that data is gone. To prevent security disasters, Devaney employs a three-pronged strategy: He uses Palm’s built-in password protection, synchronizes and backs up his data regularly, and uses an anti-virus program. “People can beam you what you think is a business card or a game, but it turns out to be a worm that can infect your PDA, and when you go to sync, infect your PC,” he says.
You may think that a handheld without a modem won’t present security risks, but the truth is that your data can be infected with a virus, your handheld can be stolen, and snoops can snatch data when you aren’t looking. All PDA users should remember that theft and loss are the biggest threats to data security, according to Bill Dyszel, author of PalmPilot for Dummies (Hungry Minds Inc., 1999) and Handspring Visor for Dummies (Hungry Minds Inc., 2000).
But security tools for PDAs are popping up everywhere. In addition to the password protection included in the Palm OS, several creative programs have been written to protect the popular PDAs from theft or misuse, says Gordon Clyne, Palm’s manager of security products. “These devices pose a new set of threats; they’re so small they can be set down and left on a seat or fall out of your pocket,” Clyne says, “so companies have developed clips or locks that go through the stylus hole. Another makes a holster for you to wear your PDA.” Clyne recommends Asynchrony.com’s PDA Bomb ($30, 314-436-3101, www.pdabomb.com), which wipes a device’s memory if the password isn’t entered, and Denton Software’s Cradle Robber ($10, www.dentonsoftware.com), which disables a PDA that’s taken from the cradle and turned on without a proper password.
Palm doesn’t monopolize the market when it comes to security. Handhelds that use Microsoft’s Pocket PC OS have security features of their own, such as password protection and support for Windows 2000 authentication, and you can even download the High Encryption Pack for Pocket PC directly from the Microsoft Web site. And like Palm, Pocket PC has its own set of third-party security tools. You can stay virus-free using McAfee’s VirusScan Wireless ($30, 408-992-8100, www.mcafee.com); protect files with up to 168-bit encryption with Pocket Lock for Pocket PC ($30, 415-831-1499, www.applian.com); and control access by installing the PINprint PC ($130, 802-872-2760, www.appliedbiometrics.net), a fingerprint biometrics device.
Now that some PDAs come equipped with wireless modems, security threats are even more real. Wireless handhelds, such as the Palm VII and Research in Motion Blackberry, let you surf the Web or send and receive e-mail. Wireless modem attachments are available for your Palm V and m500 series, Handspring Visors, and various vendors’ Pocket PCs. Messages and Web data sent by these methods are vulnerable to eavesdropping and interception, and there is no one wireless security standard in place.
The good news? Palm.Net service (wireless.palm.net) for the Palm VII and other Palm-branded handhelds uses Data Encryption Standard Extended (DESX) encryption, Message Integrity Check (MIC), and network authentication along with other protocols to ensure the safety of your wireless transmissions. Similarly, Omnisky (www.omnisky.com), maker of Minstrel modems for both Pocket PCs and Palm models, uses Elliptic Curve Cryptographic (ECC) technology, DES, RC4 data encryption, and a variety of other technologies to make sure nothing gets into the wrong hands. RIM (www.rim.net) addresses your concerns by using triple DESX encryption. All products use Secure Sockets Layer (SSL) encryption and password protection.
On the horizon is Public Key Infrastructure (PKI) technology, a system that uses digital certificates to identify users and verify documents. The certificates require a third party for validation, such as Certicom, Entrust, or VeriSign. Unfortunately, there is no single PKI standard in development.
All the add-ons and precautions in the world won’t keep you from leaving your PDA on the airplane, but there are ways to reduce the damage.
Tips for PDA Users
Simple changes in PDA use can make a world of difference when it comes to protecting your data. Some tips:
* Password-protect local files and encrypt data transmission whenever possible.
* Sync your handheld and PC frequently, and don’t forget to back up your files. If your PDA is stolen, you’ll at least have copies of your data back at the home office.
* Include a sticker or message on the start-up screen of your company’s PDAs that has contact information for you or your company. You can even offer rewards for lost items.
* Develop a standard of one or two manufacturers for every wireless device in your company to reduce compatibility problems and make replacement quicker.
* As much as possible, e-mail, long distance, and voicemail messaging should function the same way inside and outside the office. This can reduce training or learning curve concerns, improve productivity, and reduce chances of accidental data loss.
* Purchase and use an anti-virus program for your PDA.