Commissioned by security specialist Pointsec Mobile Technologies and Infosecurity Europe, the Mobile Vulnerability Survey 2004 found that two-thirds of PDA users do not use any kind of encryption to protect data stored on the device.
According to the survey, despite the fact that more companies than ever have introduced a specific mobile security policy – over 50% have a policy compared with 27% last year – the number of people encrypting their data or using passwords for their PDA has remained roughly the same for the last three years.
The survey also found that 50% of companies do not inform the police of the loss of their devices, as they believe there is nothing they can do. Similarly, almost half fail to inform their insurance company about the loss of a device. This is because few companies insure their mobile devices, let alone the data that resides on them, said Pointsec.
As well as using their PDAs to store company information, the survey found that many users store valuable personal information such as PIN numbers, bank account details, social security numbers, credit card information and even lists of passwords, many of which can be accessed – ironically – without a password.
Thirteen percent of the 68 IT managers who responded to the survey admitted to having lost their mobile device at one time or another – 30% had left it in a taxi, 20% in a car, 10% in an airport and 10% in a restaurant.
Forty percent of respondents said that they would not be re-issued with a new pager or PDA in the event of it being lost or stolen, while only 18% thought that they would get into trouble if it were lost.
Only 10% believed that they should worry about the potential loss of their mobile device because it could result in the company inadvertently breaching the Data Protection Act.
"Clearly companies are under-estimating, or are totally unaware of the amount of valuable information which is being stored on personal and business mobile devices," warned Magnus Ahlberg, Managing Director of Pointsec.
"Our advice is that companies should ensure that they have a mobile security policy and that all data is protected by centrally managed encryption and password protection," he added.