Slashdot Mirror

← Back to Stories (view on slashdot.org)

Smart Phones "Bigger Security Risk" Than Laptops

Posted by kdawson on from the low-hanging-fruit dept.

CWmike writes "A recent survey of 300 senior IT staff found that 94% fear PDAs present a security risk, surpassing the 88% who highlighted mobile storage devices as a worry. Nearly eight in 10 said laptops were an issue. Only four in 10 had encrypted data on their laptops, and the remainder said the information was 'not worth' protecting. A key danger with PDAs was that over half of IT executives surveyed were 'not bothering' to enter a password when they used their phone. A VP at the company that performed the survey said: 'Companies need to regain control of these devices and the data that they are carrying, or risk finding their investment in securing the enterprise misplaced and woefully inadequate.' Is this just iPhone fear-mongering? Do you think the passwords execs could remember would help with securing PDAs and smart phones?"

3 of 174 comments (clear)

  1. There are other PDAs besides the iPhone by Anonymous Coward · · Score: 4, Interesting

    So this is not just "iPhone" fear mongering

    In fact why is it fear mongering at all.

    Do all slashdot submissions have to end in a catchy imbalanced question?

  2. Make the tech better, not the people using it by CorporalKlinger · · Score: 4, Interesting

    I've had a Palm Treo 755p Smartphone for a about 9 months. I have a lot of medical data on my unit, including (unfortunately) some patient data. I've tried to use Palm's "Private Records" feature for sensitive data, but it's too complex and unreliable. Some things that I mark as private show up in the regular views anyway, without needing to be unlocked with a password, even after I try to "lock" them or mark them as "private" multiple times. I doubt they're actually encrypted, either - probably just a bit-flag which only some software on the device reads and uses.

    So I tried instead to setup an automatic lock on my device - I figure a power-on password should be fine. I set that up - and unfortunately, even though I set it to auto-lock after 1 hour of non-use, it NEVER asks for the power-on password. I've set it up exactly as Palm's site suggests... it still won't auto-lock the unit.

    The thing is that the tech seems to need a fix before we can go about blaming the users. I've never lost a patient file or my phone, but obviously it would be a major problem if something like that did happen. Thankfully, the healthcare system I work for is going to electronic records, so nothing will be stored on my Palm anymore; I'll just use my cell plan to connect to the server (SSL encrypted) and access files wirelessly.

    Still, there are other things I'd rather not have fall into a criminal's hands... hospital phone numbers, phone numbers of peers, nurses, other physicians, pagers, laboratories, etc. But my model, at least, is simply inadequate in protecting this data. Someone needs to come up with something better than what's currently available - maybe once it's "expected" - much like a password when you log onto Windows - it won't be such a big deal for people to use it.

  3. Re:Nothing to fear from iPhones by Idbar · · Score: 4, Interesting

    People with PDAs (I don't know if particularly iPhones), fail to realize that the PDA security is not the problem but the confidence they have that their PDAs can't fall into wrong hands. It doesn't really matter if your PDA is the most secure device against attacks, if something like a phone can be easily lost or stolen and you only have to "slide" your finger to unlock sensitive information.