Here is a list of options for protecting your corporate PDAs:
Clear the Device Before Sending in for Repairs
This may seem to be a bit extreme but it underscores two points that many people including security professionals do not always consider. The first of which is that the repair depot to which the device is sent now has a copy of any corporate information on that device. The second and usually less considered risk is that the PDA is almost a commodity hardware piece to the manufacturer and as such you may simply be sent a new device. If your PDA device is ever repaired, it may be resold as refurbished and expose corporate information to the new owner if not properly cleared in the refurbishing process.Use Power-On/Inactivity Password
This is the most common tip and one of the most effective for preventing someone who ‘acquires’ one of your corporate PDAs from obtaining anything more than just the hardware. Set a reasonable policy for inactivity on the PDA device that balances locking the device for protection and frustrating the user with frequent password requests. As an added note it is recommended to set your PDA device to erase the PDA if too many password attempts are performed. This can be done natively within most if not all of the Blackberry devices. Palm, Symbian, Windows Mobile devices will require some extra software such as Bluefire or Teallock to add the erase option if the password is entered incorrectly beyond the set threshold.Synchronize Regularly
Users not only use their PDAs to stay in touch with the office but now are more frequently using them to take notes, phone numbers, and information that if lost could not only be a security risk but also impact business success. Teaching users to frequently synchronize their PDAs with their desktop will ensure that the availability portion of security is maintained.Backup
Many modern PDAs have a backup function that will backup user files and settings. This is performed using backup software shipped with the PDA. This backup process typically creates a backup file that can be copied to a memory storage device and password protected for future recovery.Anti-Virus
To date every time a person has stated ‘there are few or no viruses for <insert OS here>’ they have come to regret it. While there are not many viruses in existence today for the PDA Operating systems, PDAs should be protected from viruses in the same manner as a corporate laptop or desktop. The old adage of ‘an ounce of prevention’ may save the next PDA virus from sending all your corporate information to the internet.Personal Firewall
Personal Firewalls will protect your PDA device against unauthorized connections via Bluetooth, IR, or wireless. Many of these personal firewalls come bundled with other PDA security features such as Airscanner. Features of PDA personal firewall security can include profiles which can be configured centrally and activate more or less restrictive profiles based on the type of network to which the device is connecting. The important thing to consider here is that generally your desktop has one network to defend against (Ethernet) and with a PDA device you have wireless, Bluetooth, and Infrared which underscores the importance of the firewall.Bluetooth
Bluetooth is a technology that has made wireless connectivity with devices very easy but this ease of connectivity also has some security implications. The most secure configuration is to disable Bluetooth completely but if this is not an option here are some tips to increase the security of your PDAs Bluetooth connections. The first security tip is to disable the 'discover' or broadcast mode of your PDAs Bluetooth connection. This means that Bluetooth devices will not be able discover your PDA but previously paired devices will function properly. The next security tip is to require a password from the Bluetooth device prior to pairing with your PDA. These two security changes to your PDA should prevent unauthorized Bluetooth devices from connecting to your corporate PDAs.IR Disable/Beam Securely
Most PDAs have an infrared port that can be used to synchronize PDAs, or ‘beam’ information from one device to another. The ability to beam information also can make PDA devices susceptible to remotely accepting commands (programming) and opens the door to viruses, hacking or other nefarious connections. It is best to disable the IR port or use a personal PDA firewall that blocks IR connections.Standards/Policy
While it may not be possible to standardize on a hardware platform, the IT security group can certainly set standards that these new PDA devices must meet. For example, a device that does not have the capability to incorporate a power on password may be excluded from consideration for corporate use. It is also recommended that the IT security group develop polices around PDA use and access in a similar fashion to laptop, thumb drives, and portable HDDs as PDAs present a high risk to corporate information loss. These policies and standards should be reviewed with PDA users so that they understand the risks and involved in protecting corporate security.As PDAs begin to make inroads into your organizations the security measures listed above will greatly aide your security group in making PDAs safer for your organizations computing environment. Initially this may be done on a case by case basis but as the number of PDAs increase it is recommended to search for options that allow administrators to have central control of the security of these devices.
