"The PDA is replacing the filing cabinet for many users," says Magnus Ahlberg, managing director of Pointsec Mobile Technologies. He adds that they no longer leave their national insurance and bank details at home, but carry them around, blissfully unaware of what might happen if this information is lost and not adequately protected.
"Money could be taken out of your bank account, all your personal and business secrets could be breached, your customer databases could be stolen or worse still you could lose your entire identity," he warns.
"According to Home Office Minister Beverley Hughes, ID fraud costs the country more than £1.3 billion every year, and it takes the average victim of identity theft 300 hours to put their records straight."
Pointsec is one of a growing list of companies that develop access control and encryption systems for PCs and mobile devices, and earlier this year it commissioned a PDA usage survey (see end). Ahlberg says the results will make concerning reading for corporate network managers, as well as for individual PDA owners.
"Apart from the obvious ramifications of losing their PDA with all their personal and business information on it, users could also be in breach of the Data Protection Act," he explains.
He adds that employers need to introduce a workable security policy to cover PDAs, and communicate it regularly to the workforce. They should regularly audit the mobile devices within the organisation, and make sure that if staff are storing company data on their own PDAs, then these must be included in the company's centrally managed security system.
"It is a fact that the amount of data that resides outside the corporate LAN is growing," agrees Yad Jaura, worldwide product marketing manager at XcelleNet, one of several companies which supply software for managing and securing mobile devices.
"With a tremendous amount of sensitive business data residing in organiser data and email alone, it's not surprising that we're already seeing security concerns and incidents reflected in published articles and surveys everyday. Mobile devices are not only physically difficult to monitor and maintain but also create very specific application and data management needs."
Jaura suggests that network and security administrators should look at implementing a range of basic security features, including enforced power-on passwords that users cannot disable, on-device data encryption, and centralised policy-based management.
He adds that software such as XcelleNet's Afaria Security Manager can also lock down a lost or stolen device, so that only administrators can access it. It can even clear the device completely by either deleting data or restoring it to factory settings with a hard reset.
10 facts from the PDA Usage Survey 2003 (source: Pointsec)
1. A third do not use password-protect their PDA, and yet a third use their PDAs to store their passwords. 2. The most common place to lose a PDA or other mobile device is a taxi. 3. 41 percent are now using their PDA to access their corporate network. 4. 57 percent do not encrypt corporate data held on their PDA. 5. 73 percent of companies do not have a specific security policy for mobile devices. 6. 80 percent of people back-up the information they store on their PDA. 7. 80 percent use their PDA to store business names and addresses. 8. 33 percent use their PDA to store passwords/PINs. 9. 25 percent use their PDA to store bank account details. 10. 25 percent use their PDA to store corporate information.