PDAs have become a daily productivity tool for millions of business users. A new study of PDA users, however, points to a significant risk to companies, as large numbers of employees store company-sensitive information on the small, easily lost or stolen devices with virtually no security protection of any kind. The study, 2004 United States PDA Business Usage Survey, was conducted by the Graziadio School of Business and Management at Pepperdine University in Los Angeles and sponsored by Pointsec Mobile Technologies, a subsidiary of IT security company Protect Data. The random survey was administered to 230 business professionals across the U.S., all of whom use a PDA on a regular basis. Among the study’s key findings:
- Half of all respondents did not have any kind of security features on their PDAs other than standard power-on password protection;
- 81% of respondents carry “somewhat valuable” or “extremely valuable” information on their PDA;
- 24% of respondents have experienced a loss or theft of at least one of their PDAs;
- 38% access their corporate networks or multiple networks using their device; and
- 60% of all executive-level respondents say their business would be “somewhat” or “extremely” affected if the data on company-issued PDAs were lost.
“The data from the Pepperdine study tracks with similar research our company has done in countries outside the U.S. Clearly, unprotected PDAs are putting employers – whether corporate or organizational – at risk,” said Thomas Blitz, President of Pointsec Mobile Technologies, Inc., USA. “What’s more, despite the risk, many corporate executives still perceive security to be a less-than-critical PDA purchase consideration.”
Price, Ease-of-Use Most Important
The 2004 United States PDA Business Usage Survey found that 37% of executive-level respondents supply PDAs to their employees as a basic productivity tool. Yet when asked what factors are most important to their companies when considering a PDA purchase, “security” ranked third (57%)- behind “price” and “ease-of-use”.
Underscoring the risk to companies is the high financial cost resulting from data theft. In the eighth annual 2003 CSI/FBI Computer Crime and Security Survey conducted by the Computer Security Institute, a leading information security industry association, theft of proprietary data, while down from the previous year, was still listed as the number one cause of financial loss for businesses. Average loss by participating companies suffering a loss was approximately $2.7 million.