|One Step Ahead
April 29, 2008, Volume 54, No. 31
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
New Policy: Managing and Protecting PDA's and Their Data
Remember the days, not so long ago, when many of us walked around with two (or more) gadgets clipped to our belts—cell phones, Palm devices, pagers and others? Personal Digital Assistant (PDA) technology has advanced in just the last couple of years to the point where a single Blackberry, Treo or other “smartphone” device rolls all our “on the go” computing needs into a single convenient, compact package that has more computing power than the desktops of just a few years ago.
Of course, these devices are being used to collect and manage more and more sensitive and critical data, with the level of threats related to them rising as a consequence. Physical loss or theft are without doubt among the primary concerns, but PDA-specific viruses and other exploits are gaining more and more currency in the “hacker” community as well. Effective on April 15, 2008 Penn has adopted a new policy on the management and protection of personally-owned and University-owned PDAs that connect to and use University services.
Space does not permit a full discussion here of all the aspects of this policy, but some of the major security requirements and best practices include:
- Password protection
- Data encryption
- Reporting of loss/theft
- Device wiping in event of loss/theft
- Use of anti-virus software (where available)
- Backup of PDA data
Not all PDA’s owned and used by Penn people are subject to this policy, but regardless of whether yours is or not, please take a few moments to read the policy in full at: www.net.isc.upenn.edu/policy/approved/20080407-serverpda.html.
To receive weekly OneStepAhead tips via email, send email to firstname.lastname@example.org with the following text in the body of the message: sub one-step-ahead <your name>.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.