Clareity Consulting - Publications - Real Estate focused Security Articles

Real Estate Information Technology Consultants

Security Articles

Improving PDA Security

Author: Clareity Consulting (www.callclareity.com)

More than half of REALTORS® use Personal Digital Assistants (PDAs) – devices that create a significant information security risk. Real estate professionals use PDAs to store sensitive data, including email, contacts, documents, spreadsheets, passwords, bank account information, and MLS data. More than a quarter of PDAs are lost, according to a 2003 survey conducted by Pointsec Mobile Technologies, and that’s just one part of the problem. PDAs and memory cards are stolen or infected by viruses; wireless transmissions are intercepted, and many professionals don't enable passwords on their devices, allowing anyone who finds or steals their PDA to see their data. Besides keeping as little information as possible on your PDA, there are many steps you can take to secure it:

The most basic step is to reduce the risk of losing the PDA. Keep it locked up in a briefcase, desk drawer, or lockable case when not in use - do not leave the PDA unattended in plain sight.

Require a hard-to-guess password to access the device and its applications - if you don't already require a password on startup, there's nothing to stop someone from accessing your information. Whatever you do, don't configure your PDA applications to memorize your application and web site passwords.

Most people are not aware that viruses can affect their PDA. There are many anti-virus tools for PDAs, and you can download a free antivirus software for many PDA models from Trend Micro (http://www.trendmicro.com/download/product.asp?productid=2). Using a wireless connection poses a substantial risk that your information can be intercepted. If you must use an unencrypted wireless connection, the web sites and email providers you use should provide an SSL encryption option to reduce your risk. If your office or service provider offers a Virtual Private Network (VPN), that will provide an even greater degree of protection. Many security products for PDAs exist to encrypt the information on the device - they put a password on your data, which you must enter to access the information. Examples include:

Kaspersky: Security for PDAs, http://www.kaspersky.com/

Utimaco: SafeGuard PDA, http://www.utimaco.us/products/pda/

Applian: PocketLock (PocketPC only), http://www.applianmobile.com/

Softwinter: Sentry 2020 for PocketPC (PocketPC only), http://www.softwinter.com/

TealPoint Software: TealLock Plus (Palm OS only), http://palmsource.palmgear.com/

To encrypt your data on a Blackberry with a password already set, just click Options > Security and set Content Protection to Enabled to encrypt your data.

There's no such thing as perfect security. If you run a program from an untrusted source on your PDA, none of the steps mentioned above will be a cure-all. But, if you've taken the basic steps to secure your PDA and have your email address on the back, you don't have to worry as much about the information on a lost PDA – and you may even get lucky and have it returned to you.

About the author: Matt Cohen is Clareity Consulting's Chief Technologist and leads its security assessment practice. Matt has spoken at many conferences, workshops and leadership retreats around the country on security related topics, and is a well-regarded real estate industry expert on software design, product management, project management, data center reliability, scalability, and security. Clareity Consulting was founded in 1996 to provide information technology consulting to the real estate industry and its related businesses.