Handhelds are no longer simply pocket-friendly address books. In recent years mobile wireless devices have become crucial tools that keep far-flung employees constantly connected to home base. But such portability may also be the handheld’s downfall. According to Ross Chevalier, chief technology officer at Markham, Ont-based network software provider Novell Canada, handhelds have surpassed PDAs as the most stolen or lost electronic gadgets in Canada. And, when sensitive business information is lost or left open to public eyes, the results can be disastrous.
“Handhelds today have the capacity to be true repositories of business data,” says Chevalier. “We’ve gone beyond having a couple to-dos and contacts to having entire phone lists, customer lists and entire e-mail accounts, much of which is private and concerning. In the context of information security, handhelds are as important as a desktop or laptop and the challenge for companies is not to change the way they work, but to think about how to provide security in the event a handheld gets lost.”
Experts agree there are a few basic steps handheld users can take to keep their data safe. First and foremost, all handheld devices can be password-protected; make sure you and your employees use this feature. Set your handheld so that every time you turn it on you are forced to log in. Also set it to enter sleep mode after prolonged periods without use, and to require a password upon wake-up. Moreover, determine a maximum number of attempts your handheld will allow someone to try and enter the correct password and then program your handheld to erase all of your data if that number is exceeded.
“Something as simple as a password might be enough to annoy someone trying to get into your handheld and make them stop,” says Chevalier. “Worst case scenario, they take your handheld and resell it with none of your information on it because it has been programmed to delete personal files after so many failed password attempts.”
While they may have different methods, most major wireless companies are looking after your data’s security without you even knowing it, encrypting files when they are in transit between a handheld and headquaters. Thus, if a hacker tries to intercept privileged information while it is in cyberspace, any information he or she finds is rendered illegible. For users who are after an even higher level of security, more encryption measures are available. For instance, Blackberry users can opt for an encryption package that ensures even administrators won’t be able to read their messages.
“We offer a piece of add-on security that ensures only the sender and recipient can read the message,” explains Alan Panezic, director of the Blackberry solutions group at Research In Motion in Waterloo, Ont. “It allows sender-to-recipient security, so it means if I want to send something specifically to you, I can encrypt it in a way so that you are the only person in the world who can read it, not an administrator on my system or your system. And, not only can I make sure that only you can see it, but I can digitally sign it so you know for sure that I sent it.”
For companies that distribute large numbers of handhelds to their employees, even more can be done on an administrative level. All of the major handheld players offer software that allows IT personnel to reset passwords, lock devices and delete data remotely. Third-party suppliers such as Novell also sell software that helps administrators manage the entire life cycle of information from server to desktop to handhelds, including ensuring that all data is backed up.
Like any other networked device, handhelds can be the target of viruses. While Pocket PCs are to date the only handhelds that have succumbed to a virus attack, experts predict viruses will eventually threaten all handhelds, including cellphones.
“If you look at all handhelds today, they come with wireless LAN access, Bluetooth technology, phones etc. While these features increase the attractiveness of the device, they also increase the likelihood they will become a target for viruses,” says Matt Ekram, product manager for wireless security at the Santa Monica, California offices of internet security provider Symantec. “We don’t know when the next attack will come or how big it will be, but we know based on certain scenarios that the risk is increasing.”
There are a few ways to protect handhelds from viruses. Anti-virus software is the obvious option, but Ekram says basic PC security measures apply to handhelds as well: “Be aware when downloading any application and don’t open e-mail attachments from people you don’t know.”
In essence, when thinking about handheld data security, use common sense and take a hands-on approach.
“Companies have to take a more proactive role in managing the handheld,” says Ekram “In the past a lot of devices have come through the back door and were not managed by enterprises. This is the time for IT to look at what devices are being used, how they are being connected and how their employees are using them. Then have a policy in place that is followed by users in the enterprise.”