Tactical Advice

Padlock Your PDA

Keep remote access to your company's data safe and secure.
This story appears in the June 2006 issue of BizTech Magazine.

 


Photo: Jay Carlson
Ed Leffler, Director of Technology at Wayne Automatic Fire Sprinklers Inc.

Personal digital assistants, or PDAs, have been around for a long time. Over the years, the rise of the Palm, Windows CE — renamed Windows Mobile — various forms of “smart” cellphones, plus the proliferation of wireless connections — Wi-Fi, Bluetooth or the various broadband offerings of the cellular wireless carriers — have given PDAs the ability to be useful mobile nodes on your company’s network, offering significant productivity gains but carrying comparable security risks.

 

At Wayne Automatic Fire Sprinklers, one of the largest fire protection companies in Florida, we use third-party software that allows our Service Department to update service tickets directly in our dispatch and accounting systems. We’ve seen a boost in revenues and profits in the departments using the remote-access application. Things don’t slip through the cracks as easily, when service technicians can charge the customer for parts and equipment on the spot, as they are taken from stock on the service truck.

Such widespread remote access to our company data is not without risks. But there are relatively simple ways to secure the point of connection and keep company data and networks safe. For starters, make sure that virus protection programs and spyware detectors are installed and up-to-date, along with the latest security patches to all operating systems and applications. In our case, PDAs connect to company data through Microsoft’s Internet Information Services (IIS) running on a Web server behind the firewall. When we need to allow the PDAs and remote PCs a more direct connection to the data, we pass the connection through a VPN with encryption.

Companies using IIS should make sure to use the latest version. Until recently, the default installation enabled all sorts of options that can pose security risks. Now Microsoft ships IIS with most options disabled by default.

Disable the default Web site on IIS and store your Web site in a different location than the default. Make sure to use both network security as well as share and Active Directory security functions. Where appropriate, create roles and assign individual users to those roles. That way, when an employee leaves the company, or loses a PDA, the permissions don’t have to be completely rebuilt.

Make sure that the ODBC (Open Database Connectivity) data connections use strong passwords and run the IIS services and data access with service-level accounts, not a domain administrator account.

These are the minimum steps companies should take to secure their networks and data, while still making remote PDA access practical for the users who need it. There are more stringent approaches to consider. Yet there is a trade-off between tight security and ease of use. The goal of security measures is to minimize risks, so companies should carefully weigh the risks of a breach against the productivity gained by deploying PDAs for remote access.

And don’t forget to make and test your backups. I also recommend having at least one spare PDA on hand, in case it’s the CEO who leaves his or hers in a taxicab.

Ed Leffler is the director of technology at Wayne Automatic Fire Sprinklers Inc., a safety and fire protection company in Orlando, Fla.
Sign up for our e-newsletter

Security

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
Tools to Maintain Mobile Sec... |
Far-flung devices pose serious challenges, but a variety of technologies can help protect...
Edward Snowden Personifies t... |
The NSA leak shows critical areas where organizations can better protect their data.

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

The Value of Converged Infra... |
Improvements in security, management and efficiency are just a few of the benefits CI can...
Curse Builds a Private Cloud... |
One of the top resources in online gaming builds out a robust infrastructure that can...
SDN at the Forefront of HP’s... |
Computing giant kicks off Interop 2014 with a series of announcements aimed at turning...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
The Tools That Power Busines... |
Ever-evolving analytic software can greatly improve financial institutions’ decision-...
XP-iration Date: Today Is th... |
It’s officially lights out for Windows XP as an operating system. Here’s how the world is...