<i>"A third of professionals using mobile devices such as PDAs and smartphones do not use passwords or any other security protection, according to a survey by Pointsec Mobile Technologies. The results are all the more staggering as three out of ten of these sloppy handheld happy users were found to store their PIN numbers, passwords and other corporate information on them. What’s more, The Mobile Usage Survey 2005. . . was conducted amongst IT professionals who are supposedly more security savvy than the average employee. According to the survey, corporate personnel now store huge amounts of corporate data on their mobile devices, including customer contacts, email details, passwords and bank account details as well as personal and private information."</i><br /><br />The EETimes article makes worrying reading, especially for IT managers who will be concerned about the 77% of users who do not encrypt sensitive information on their PDAs, the 81% who use them to store business names and addresses, the 45% who use them for email and the 27% of users who store corporate information on them. Apparently travelling and 'having one too many drinks in a nightclub or relaxing in a restaurant' are the most common ways of losing PDAs. Businesses really should have policies and procedures in place to cover themselves, but the survey suggests than many don't. I've worked for some companies that have had a sensibly paranoid and balanced approach to PDAs, while others have had a <a href="http://en.wikipedia.org/wiki/Laissez-faire">laissez-faire</a> approach, which has gotten them into trouble, with users installing and copying whatever they liked onto them and corporate data going walkies. What are the PDA policies like for the companies you work for? Are they enlightened, enraging or entirely lacking and is your PDA protected?

I think the important thing to keep in mind, as was mentioned in the original post, is balance. All too many times, corporate policy can go from careless, to controls so tight you can’t even breathe, let alone get anything done. If management can have the self-control to avoid knee-jerk reactions to things such as this, there’s a chance to develop a policy that keeps their data secure, yet at the same time allow employees to leverage new technology to good advantage. Remember…balance.

If management can have the self-control to avoid knee-jerk reactions to things such as this, there’s a chance to develop a policy that keeps their data secure, yet at the same time allow employees to leverage new technology to good advantage. Remember…balance.

Agreed, which is why I used the phrase "sensibly paranoid", i.e. being concerned and putting in sufficient and sensible policies. Anyone seen any of those?