Personal Digital Assistants (PDAs),
and more recently, smartphones, have become indispensable to many
professionals. If you or your employees are using one of these
handheld devices and connecting it to the business network, you
need to know about the security risks involved and the important precautions
you can take to protect the information these devices hold.
In recent years, the capabilities of handheld devices have increased
dramatically, from increased memory capacity, to the ability to
support wireless connectivity. All of the features that make the
handheld devices so appealing can also be used for malicious purposes,
should the device fall into the wrong hands, or provide a backdoor
into your business network.
What’s on your handheld?
Consider what kind of information is stored on your handheld device,
and then think about how it could be used maliciously. What sensitive
business-related information does the handheld hold? Customer details,
financial records, or emails containing proprietary data? Unauthorized
access to a handheld could result in theft and corruption of business
data, disruption of transactions to and from the handheld, loss
of data, or malicious code being passed into your business network
from the handheld. And with handheld memory capacities on the rise,
the amount of data lost could be substantial.
There is a good possibility you have stored valuable personal information
like PIN numbers, passwords, bank account details, credit card or
social security numbers. This is precisely why handheld devices
have become a prime target for identity thieves.
The small business advantage
In large enterprises, ensuring employee handhelds are secured is
a nightmare for the IT security staff – that is, if they are
even aware of the devices’ use. There is a growing problem
of employees bringing in personal devices and connecting them to
the corporate network, an activity unsanctioned by the security
team. As a small business with fewer employees, you have an advantage
when it comes to being aware of, and managing the use of handheld
devices. Start with user education.
Safe handheld practices
Whether you have one employee, or fifty employees using handhelds
on the job, you need to educate users about the risks. One good
way to do this is to create a written policy that spells out the
potential threats, and the user’s responsibilities. Here are
some good practices to instill in your employees:
- Download only from reputable sites. It's difficult to determine
if free downloads from unfamiliar sites are legitimate. Don't
take unnecessary chances when downloading from the Internet. If
in doubt, don’t download.
- Beam only from another protected source. Be careful when “beaming,”
or transmitting data from one PDA to another. An activity as seemingly
benign as beaming electronic business cards could spell trouble.
If that data contains a virus, the virus could be introduced to
the business network when the handheld is synched to the PC back
at the office.
- Synchronize often with a secure PC to prevent loss of data.
Important contacts, appointments, and phone numbers should be
backed up frequently. Then if you do get a virus that wipes out
your memory, you only lose a small amount of data – or none
at all.
Deploy security technology
- Encryption and Authentication. The portability of these devices
puts them at great risk for theft or loss – the prime reason
why encryption and password protection of stored data are a good
first line of defense. If the data on a lost or stolen device were
encrypted, it would be unreadable without authentication and the
use of a decryption key or methodology. Most devices come equipped
with these security features, but the reality is that most users
fail to utilize them.
- Run antivirus software on the PC and handheld. Antivirus software
should run continuously in the background to defend your handheld
and PC against viruses and other malicious code before they can
damage your data. Be sure to run regular scans of the software
versions and patches on the handhelds.
Every handheld is vulnerable to attack, and using it without the
proper protection can even endanger your entire network. Remember
that handheld devices are just a small version of a PC, and they
require the same security precautions. Install antivirus software
created specifically for your handheld, deploy the encryption and
authentication features, and educate your employees on safe handheld
computing practices – then everyone can enjoy the convenience
of the handheld devices without compromising your business’
security.