Securing Your Smartphone or PDA

Securing Your Smartphone or PDA
Don’t overlook the security needs of these small devices. Here are some key security measures to take to protect your smartphone or PDA.

Smartphones and personal digital assistants (PDAs) have become important business tools in recent years, and that trend appears to be continuing. According to Gartner Inc, worldwide PDA shipments in the first quarter of 2006 increased 6.6 percent compared to the first quarter of 2005. While use of these handheld devices is becoming more widespread, prices have remained steady, with the average price per device dropping 2.7 percent compared to the same time last year.

For purposes of clarification, Gartner defines a PDA as a data-centric handheld computer weighing less than one pound that is primarily designed for use with both hands. Smartphones offer all the attributes of a PDA, except that smartphones are voice-centric and are designed for primarily one-handed operation. Those differences aside, both devices offer the freedom of mobility to continue business operations outside the physical office walls, enabling anywhere/anytime communication via the phone, email, or Internet using a wireless connection.

If you are already using, or thinking about using, smartphones or PDAs in your small business, security must be a priority. Many people are unaware that these devices are highly vulnerable to information theft and online security threats; in fact, they require the same security precautions of a laptop connected to a wireless business network. Very few wireless devices come equipped with the right security features out of the box, so it is vital that you take some proactive security measures.

Information at risk
Consider the type of information that flows through your PDAs and smartphones. What would be the consequences if someone with malicious intent was able to access that information? A recent study sponsored by Symantec found that 60 percent of the respondents store confidential information or client data on their handheld mobile devices.

The reality is that all customer details, financial records, and business emails stored on a handheld device is vulnerable to corruption or theft, potentially damaging your business operations and reputation. In addition, malicious codes received on a handheld device could enter your business network during synchronization, causing a massive network infection. Also, it is common to store valuable personal information like PIN numbers, passwords, bank account details, credit card or social security numbers on your handheld device, making you a prime target for identity theft.

In addition to online theft and infection, a prominent security risk is the physical loss of the actual devices. The portability of these devices makes them easier to lose – and the monetary value of the devices (not to mention the data that they hold) makes them a popular target for thieves.

Security Tips
Fortunately, there are some security measures you can take that will allow you and your employees to work confidently using a smartphone or PDA:

• Establish a usage policy. Just as you have an IT security policy, you need to outline how employees can use these devices, what types of information can be stored on these devices, what sites to download from, etc.
• Connect to the network via Virtual Private Network (VPN). Use VPNs with Secure Sockets Layer (SSL) for communication between devices. While this allows anyone to access the business’ website, it limits access to applications to only those with proper authorization.
• When connected to the network, disable the wireless port.
• Before synchronizing, make sure the desktop or laptop’s operating system is up-to-date with the latest security patches.
• Use data encryption and authentication products to make data hard to extract. Apply encryption to all sensitive information, including customer information, company information and anything else that could hurt the business if exploited. A 128-bit encryption key is considered unbreakable and is recommended for these devices.
• Install antivirus software and make sure to regularly update the latest virus definitions.
• Install third-party firewalls.
• Synchronize on a regular basis to prevent loss of data.
• Only beam to protected sources.
• Only download from reputable sites.
• Password-protect the device.
• Use endpoint scanning technology that identifies the wireless and wired devices connected to the network and determines whether they have the proper authorization to access the network and if they are properly secured (according to your PDA security policy).

Conclusion
Smartphones and PDAs are hot targets for hackers and thieves to steal personal information and business-critical data. The increased risk of information theft and malicious code affecting these devices requires that you pay special attention to security measures.

from Symantec