Sloppy PDA habits are compromising customer confidentiality and putting companies’ reputations on the line, according to a new survey. The findings suggest many PDA users are ignoring the security risk by failing to encrypt data held on their devices, or even protecting them with a password.
Two thirds of PDAs are used to store corporate information without adequate protection.
The Mobile Vulnerability Survey 2004, commissioned by Pointsec Mobile Technologies, Infosecurity Europe and Computer Business Review, was conducted among 68 IT managers, of which 38% came from companies employing over 1,000 employees. It found that 13% of respondents have had the misfortune of losing their mobile device.
The survey also found that PDAs are now entrenched as corporate communication tools, with almost half being used to receive and view corporate emails, and a third now doubling as a phone. The storage of the names and addresses of corporate customers is now common, yet despite the value of such information stored on these PDAs, a full two thirds of users do not use any kind of encryption to protect the data.
One of the fastest and easiest ways to access corporate data is through unprotected PDAs that are lost or stolen, as they contain business names and addresses, spreadsheets and other corporate documents. The survey found that a third of users do not even use password protection on their devices, leaving the information vulnerable to opportunists, hackers or competitors. As a result, a lost PDA could have a huge impact on customer confidence and do untold damage to a company’s reputation, the survey revealed.
As well as using their PDAs to store company information, many users store valuable personal information such as PIN numbers, bank account details, social security numbers, credit card information and even lists of passwords, many of which can be accessed – ironically – without a password.
Although more companies than ever have introduced a specific mobile security policy – over 50% have a policy compared with 27% of those surveyed last year – very little has changed when it comes to enforcing the protection of data on mobile devices. For three years in a row, the number of people who are encrypting their data or using passwords to secure their PDAs has remained roughly static, in spite of the efforts of companies introducing mobile security policies.