Stolen PDAs Provide Open Door To Corporate Networks
The PDA Usage Survey 2003 commissioned by Pointsec Mobile Technologies and conducted by Infosecurity Europe and Computer Weekly has found that PDA owners commonly download the entire contents of their personal and business lives onto their handheld computers – with many leaving the information unencrypted and without password protection.
Sensitive information commonly stored unprotected on PDAs includes corporate information, bank accounts, credit cards, social security numbers, inland revenue information, business and personal names and addresses, with a third also storing their personal passwords and PIN numbers without using the PDA’s password function to protect this information.
Forty one percent are using their PDA to access their corporate network with a quarter of them bypassing the password function. Fifty seven percent do not encrypt the corporate data held on their PDA making it relatively easy for an unauthorised person to use the PDA to access a corporate network and assume the identity of the user.
The survey found that the top 10 functions people use their PDAs for are:
1. As a business diary – 85%
2. Store business names and addresses – 80%
3. Store personal names and addresses – 79%
4. As a personal diary – 75%
5. For entertainment – games/music etc – 48%
6. Create documents/spreadsheets – 35%
7. To store passwords/PIN numbers – 33%
8. To receive and view emails – 32%
9. To store bank account details – 25%
10. To store corporate information – 25%
Over 40% of people have lost a mobile phone and a staggering quarter have lost a laptop or PDA or both and yet almost half of people don’t bother insuring their PDAs. The most notorious place for losing a mobile device such as a phone, laptop or PDA is a taxi (40%) closely followed by bars, restaurants and nightclubs (20%). Also, according to the survey, 73% of companies still do not have a specific security policy for mobile devices.
One last interesting statistic – 33% of those people included in the survey, said their main job function was “IT Director or IT Manager”.