Click to View

The state of handheld security is poor. While companies allow and even encourage their employees to use PDAs and smartphones, they don't make provisions to protect the data on these devices.

According to a new survey by TNS NFO, a market research firm, 74.6 percent of employees that use mobile devices either don't have, or don't know whether they have, any security protection.

Considering that 86 percent of employers knowingly permit the use of these device, it is disturbing that nearly the same number, 83.76 percent, have failed to set usage guidelines, leaving their enterprises and sensitive data vulnerable to malicious code attacks and information theft.

"Businesses worry a lot today about front-end attacks from hackers and how to stop them," said Tom Goodman, vice president of operations for Bluefire Security Technologies, the wireless security company that commissioned the survey. "However, they have not paid very much attention to the equally dangerous back-end threat coming from employees connecting their high-powered handheld devices to their enterprise networks."

Serious risk exists when an employee places a mobile device into an in- office cradle, because the device is recognized by the company network as a trusted user and given clearance to access mission-critical information behind the network security protection. A business competitor could then gain free access to a company's entire database, and a hacker could enter a corporate network through the device and use it to plant a computer program that would send information back to the source, undetected for an extended period of time.

The TNS NFO study also found that consumers store vulnerable confidential information on their devices without adequate protection. For instance, nearly 40 percent of PDAs and smart phones contain credit card numbers, while over 25 percent store incomes. In addition, approximately 19 percent reveal health problems, and love letters reside on around 17 percent of mobile devices.

TNS NFO's findings jive with a recent Gartner report that found essentially the same thing, that while mobile users are implementing more wireless technologies in their daily lives, most of these folks aren't taking the proper precautions to ensure that their data is safe. According to Gartner, the problem with mobile devices is that 90% them lack the proper protection to ward off hackers.

TNS NFO and Gartner aren't the only one taking up the mantle of mobile security. At the 3GSM World Congress earlier this month, the GSM Association and leading mobile phone vendors announced an agreement to help reduce the theft of mobile phones by establishing a series of measures to enhance the integrity of handset identities.

In addition, the latest version of Microsoft’s Windows Mobile platform, announced last week at the company's Mobile Developer Conference, includes WPA or Wi-Fi Protected Access, a security standard created by the Wi-Fi Alliance to make wireless access more secure.

And the most recent addition of the Palm OS, Cobalt, introduced last month at PalmSource's own conference for developers, will include built-in encryption, authentication and authorization frameworks.

For more on mobile security, read our recent article "Top 10 Items You Shouldn't Allow on Employee PDAs (and what do about it)."