Smart Phones "Bigger Security Risk" Than Laptops
CWmike writes "A recent survey of 300 senior IT staff found that 94% fear PDAs present a security risk, surpassing the 88% who highlighted mobile storage devices as a worry. Nearly eight in 10 said laptops were an issue. Only four in 10 had encrypted data on their laptops, and the remainder said the information was 'not worth' protecting. A key danger with PDAs was that over half of IT executives surveyed were 'not bothering' to enter a password when they used their phone. A VP at the company that performed the survey said: 'Companies need to regain control of these devices and the data that they are carrying, or risk finding their investment in securing the enterprise misplaced and woefully inadequate.' Is this just iPhone fear-mongering? Do you think the passwords execs could remember would help with securing PDAs and smart phones?"
There are other PDAs besides the iPhone (Score:4, Interesting)
In fact, why is it fear mongering at all?
Do all slashdot submissions have to end in a catchy imbalanced question?
Well. (Score:4, Interesting)
If the execs were forced to go to the website to do anything, then they can do whatever the hell they want with their phone.
Make the tech better, not the people using it (Score:5, Interesting)
So I tried instead to set up an automatic lock on my device - I figure a power-on password should be fine. I set that up - and unfortunately, even though I set it to auto-lock after 1 hour of non-use, it NEVER asks for the power-on password. I've set it up exactly as Palm's site suggests... it still won't auto-lock the unit.
The thing is that the tech seems to need a fix before we can go about blaming the users. I've never lost a patient file or my phone, but obviously it would be a major problem if something like that did happen. Thankfully, the healthcare system I work for is going to electronic records, so nothing will be stored on my Palm anymore; I'll just use my cell plan to connect to the server (SSL encrypted) and access files wirelessly.
Still, there are other things I'd rather not have fall into a criminal's hands... hospital phone numbers, phone numbers of peers, nurses, other physicians, pagers, laboratories, etc. But my model, at least, is simply inadequate in protecting this data. Someone needs to come up with something better than what's currently available - maybe once it's "expected" - much like a password when you log onto Windows - it won't be such a big deal for people to use it.
Re:Nothing to fear from iPhones (Score:5, Interesting)
What use are passwords if you can circumvent them? (Score:1, Interesting)
Manager types just don't get security (Score:3, Interesting)
Then we had a conference at a hotel. And suddenly one of our top chiefs in charge comes out of the hotel management area with a report. Asking what this is about, I got this information:
He forgot to bring this report along so he asked one of our auditors who had the report to send it. From a different bank. Unencrypted. To the hotel. And he asked the hotel manager to print it.
My question whether he wants to end my life prematurely with a heart attack was met with a blank stare.
Re:IT departments securing handhelds (Score:4, Interesting)
That is the default position here on
For example, it is important in my job to keep abreast of news and blogs in my field. Now I can spend a couple of hours per day manually checking various sources, or I can set up RSS feeds, scan headlines, read deeper where needed and take care of this in 15 minutes. IT had disabled the RSS feed reader in Outlook, so I have to circumvent the way that IT apparently wants me to work. I use an offsite feed aggregator to avoid having to install unauthorized software. My having to circumvent IT to work means that there is dissonance between how IT sees my role and how I (and my boss) see my role.
I tend to view new security measures as productivity killers because they are not accompanied by contextual interviews to see how I work.
iPhone, because... (Score:3, Interesting)
Now, that's not such a big problem as far as this particular issue (enterprise security) is concerned. What IS a problem is when one of the big mucketty-mucks in the company wants to start using an iPhone instead of a more secure enterprise-quality device, like the Blackberry (#1 device in enterprise messaging). Using an iPhone in the enterprise brings, to use the terminology of a network security expert, a huge shit-storm of security holes.
Feel free to google the subject- bottom line, iPhone has NO security. As the mega-popular "jailbreak" application handily proves. The issue isn't HOW to break an iPhone's security... it's choosing WHICH ONE would be easiest for you to work with.
A skillful hacker can get access to anything and everything on the iPhone. Want to use it as a mobile wiretap? No problem. Look through its camera? No problem. Download the entire contact list, or install a keylogger, or grab any other information (including credit card numbers) held on the device. Not a problem at all.
And THIS is the kind of thing LUsers want to bring onto the network, and get all whiny when the IT staff tells them no. Personally, I don't care, since my place only gives wireless connections access to the internet (it's completely segregated from the "real" network). However, most places have a network designed by idiots, and those are the places most at risk... and most likely to trash their security in order to accommodate something like iPhone connectivity.
Now as a side point, my workplace is also testing MS ActiveSync, which is supposed to provide connectivity to the iPhone as an enterprise mail client. The tests have been... pretty substandard. We are primarily a Blackberry shop, and if anyone switches from BB to iPhone, they are going to be pretty disappointed if they expect the same level of functionality. Personally, I'll be waiting to get a Blackberry Bold.
Re:There are other PDAs besides the iPhone (Score:3, Interesting)
When I worked at Comcast the IT department was THREATENED with retaliation and firings if we did not set certain executives' Blackberrys to not have any passwords. They hated to have to enter passwords and even complained and forced their way to even have their laptops not auto lock the login.
It's these immature executives that are the biggest security hole. And it's not getting better.
They demand to have it their way and will bully everyone including the IT department to do their bidding. And the CTOs at these companies don't have the balls to stand up to the execs and tell them, "You will do what my underlings tell you to do, and you will not fire them or threaten them."
Until then IT departments' hands are tied. If you stand up for security you get fired by the first whiny bitch executive that does not want to be bothered with entering a passcode on his blackberry.
Re:Not surprising (Score:4, Interesting)
He's got the entire customer contact list. Our competition would pay at least $2500.00 for that.
He's got his email on there. Competition would love that as well.
Also 2 gigs worth of OneNote files on specific projects being bid on, internal documents.
I'm betting to the right buyer his phone unlocked is worth at least $10,000.00 as it can generate at least a quarter million in additional sales and revenue.
Oh I know of at least 4 companies around here that would love to get their hands on that info.
gamemaster_bm seems to not know anything about business and the value of insider information. It's worth a crapload to that company's competition.