Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

Top 10 Reasons to Control Employee PDAs

June 1, 2004
Many employers would be amazed at how much sensitive information their employees are storing on devices as easy to misplace as a remote control. With such important data walking around on employees’ mobile devices, managers are taking important steps to make PDAs secure.

With all of the time and money that companies devote to securing their IT systems, a single unsecured PDA presents a huge potential hole in a corporate security wall. Unfortunately, it is almost impossible to control what employees keep on their PDAs. Since most enterprises don’t budget for the latest mobile wonders, many devices in an organization are purchased personally by employees. With external cards capable of storing two megabytes of data, a variety of unsecured or proprietary data can be downloaded onto a device.

Check out these concerns

Here are a few common concerns that a company should address in getting their handheld security in order, based on feedback from executives around the country compiled while researching the subject for a future novel:

Check out these concerns

Here are a few common concerns that a company should address in getting their handheld security in order, based on feedback from executives around the country compiled while researching the subject for a future novel:

1. NETWORK PASSWORDS. PDAs are a very convenient place for employees to keep password information – like those hard-to-remember, 10-digit alphanumeric passwords that they’re forced to change every month. Passwords stored on an unprotected mobile device can be the gateway into a company’s entire network and all of the critical data and systems that it connects to.

2. CUSTOMER DATA. Here’s a lawsuit or PR nightmare waiting to happen. In the financial services industry, the loss of customer data could legally compel a company to contact every customer with the message that their personal information might have been compromised. There is also always a danger of a competitor gaining access to a customer list, along with sales history and contact information.

PRESS RELEASES. Picture that strategic announcement that’s scheduled for next month on the front page of the latest issue of a favorite business daily. Now that employees can view e-mail on their handhelds, as well as Word and Acrobat files, the probability of such documents finding their way onto an unprotected mobile is quite high. Many busy executives and sales staff use their handheld devices to view and edit documents when they are on the road or commuting. Legal troubles can also arise for public companies if the U.S. Securities and Exchange Commission learns that future press information was released prior to public distribution.

4. CREDIT CARD AND ACCOUNT NUMBERS. Another item that should never be stored on a mobile device is the company credit card number. With so much ordering via the Internet, it has become quite handy to keep account numbers a click-away by posting them on an Outlook note. These subsequently get downloaded onto the PDA when receiving e-mail or by other means.

5. FINANCIAL DATA. Although handhelds are not the best way to browse through large spreadsheets, they synchronize nicely and often find their way onto mobile devices. An in-progress annual report or the internal projections for next quarter’s sales is harmless enough so long as the data cannot leave the company. But an inadvertent leak of financial data can have catastrophic consequences.

6. E-MAIL. Employees’ in-boxes are often filled with their companies’ sensitive and proprietary information. Wi-Fi, Bluetooth and cellular equipped devices can download e-mail in a snap. An unprotected device presents a great liability potential to an organization.

7. INTRANET ACCESS. Even if most employees are responsible enough to never store passwords in their notepad, unfortunately, there’s a good chance that they checked the “remember user name and password” button on their mobile browser, leaving their company’s internal communication system exposed.

8. PRICE LISTS. This one is best told by an anecdote. A company’s best salesperson had just finished a great meeting with a top client. In all of the excitement, she accidentally left her handheld sitting on the desk on her way out. Unfortunately, curiosity got the better of her customer, who discovered a database of sales and prices for various customers. She returned home in triumph, only to find that her client was furious that their competitor was getting a better deal than they were.

9. EMPLOYEE INFORMATION. This specifically, but not exclusively, presents a danger to Social Security numbers. Aside from the litigation exposure, the loss of employee data such as payroll information can do great harm to an organization. Even if the mobile device is lost within a company’s office, exposure of confidential information to unauthorized parties can cause great problems.

10. MEDICAL (HIPAA) INFORMATION. Most companies don’t have $50,000 to throw around for every violation of the 1996 Health Insurance Portability and Accountability Act privacy standards. Now that doctors, nurses and medical staff have access to nifty new programs that run on their PDAs, this has become a very serious issue.

Feeling a bit queasy?

The good news is that there are relatively simple and economically feasible steps that a company can take to minimize their risk of data loss and secure their data from prying eyes.

Here are some basic security measures that a company can take:

Fact finding. The first step is to assess what exactly is at risk. How many employees currently synchronize personal handhelds to company computers? Does the company officially supply or support PDAs? If so, do specific groups within the organization use particular OS or hardware platforms? What kind of sensitive information may be at risk? Are there industry-specific rules for the security of the data? Don’t limit thinking to officially sanctioned information.

Create or extend a written security policy. If a given company has a written security policy, it should be extended to handheld devices. If deemed necessary, business can enforce the right to inspect and audit PDA contents at will. Although invading an employee’s privacy is not always easy to stomach, even used sparingly the practice can help to ensure maximum adherence to policies.

Track and tag the devices and display contact info on the opening screen. Gartner Group estimates that companies with more than 5,000 employees could save between $300,000 and $500,000 annually by tracking, tagging and providing contact information on PDAs and mobile phones. Not every person who finds a PDA full of contact, supplier or financial information works for the owner’s competition, although once lost, a company must assume the worst. This could be avoided, however, by adding enough contact information to allow the finder to get the PDA returned unspoiled.

Establish a personal PDA policy. If employees have their own PDAs, will the business allow synching with work computers? Are there special security concerns for the organization regarding specific handheld devices such as Linux OS PDAs, smart phones, etc.? Chances are, many, if not most of the handheld devices in any given organization are personally owned, rather than supplied by the company. It is crucial that policies define how, and to what degree handheld devices interact with the company’s data and systems.

Define sync limits. Can all data get downloaded to PDAs, or only specific files and folders? Should a company consider a network synchronization solution or limit connection to desktop PCs? Granted, this is very difficult to control. If someone has access to data, there are many ways to move it to a mobile device, ranging from copying to a memory stick or SD card, to sending a file via an instant messaging client. Nevertheless, by establishing limitations for synchronization, there will be much less inadvertent movement of prohibited information to mobile devices.

Consider firewall reconfiguration. If employees will use the PDA for wireless connectivity to the corporate network, consider installing extra protection. Reconfiguring or installing a firewall at the points where a PDA might upload or download information is critical. As part of a multi-layered security approach, make sure employees know that storing user names and passwords on their mobile devices is prohibited. An occasional audit of handheld devices will help keep people on their toes.

Define standard security software. It is critical that security policies are enforced through software that mandates appropriate security settings. A range of security solutions are available that will enable a company to establish and enforce security policies on their employees’ mobile devices.

PDAs are finding their way into a number of corporate activities, mainly because they are unique in being able to make decision-making data available to employees virtually anytime and anywhere. Advanced mobile devices can increase productivity and connectivity for many companies. However, convenience and efficiency must be available within a paradigm that does not unduly put valuable corporate assets at risk.

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Half closed laptop

Sudo Vulnerability Discovered, May Exposes Linux Systems

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • iSec_Feature_image

    Top Ten Reasons to Attend iSecurity

    See More
  • cyber tactics feat

    Top 5 Reasons to Report Computer Intrusions to Law Enforcement

    See More
  • Security newswire default

    Top 4 Reasons to Fill Out the Security 500 Survey

    See More

Related Products

See More Products
  • A Leaders Guide Book Cover_Nicholson_29Sept2023.jpg

    A Leader’s Guide to Evaluating an Executive Protection Program

  • 9781138378339.jpg

    Surveillance, Crime and Social Control

  • The-Complete-Guide-to-Physi.gif

    The Complete Guide to Physical Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!