
Top 10 Items You Shouldn't Allow on Employee Unprotected PDAs (and what to do about it)

By Bob Elfanbaum & Mark Dinman
February 9, 2004


Here are some security measures to take:

1. Fact Finding. The first step is to get a handle on what you're up against. How many employees currently synchronize personal handhelds to company computers? Does your company officially supply or support PDAs? If so, do specific groups within the organization use particular OS or hardware platforms? What kind of sensitive information may be at risk? Are there industry-specific rules for the security of your data? Don't limit thinking to officially sanctioned information.

2. Create or extend your written security policy. Hopefully, your company has a written security policy. If so, it should be extended to handheld devices. If you deem it necessary, include the right of the business to inspect and audit PDA contents at will. This will help to ensure maximum adherence to policies.

3. Track and tag the devices and display contact info on the opening screen. Gartner Group estimates that companies with more than 5,000 employees could save between $300,000 and $500,000 annually by tracking, tagging, and providing contact information on PDAs and mobile phones.

4. Establish a personal PDA policy. If employees have their own PDAs, will the business allow synching with work computers? Are there special security concerns for your organization regarding specific handheld devices such as Linux OS PDAs, smart phones, etc.? Chances are, many, if not most, of the handheld devices in your organization are personally owned, rather than supplied by your company. It is crucial that you establish policies that effectively define how they interact with your data and systems.

5. Define sync limits. Can all data get downloaded to PDAs, or only specific files and folders? Should you consider a network synchronization solution or limit connection to desktop PCs? Granted, this is very difficult to control. If someone has access to data, there are many ways to move it to a mobile device, ranging from copying to a memory stick or SD card, to sending a file via an instant messaging client. Nevertheless, by establishing limitations for synchronization, there will be much less inadvertent movement of prohibited information to mobile devices.

6. Consider firewall reconfiguration. If employees will use the PDA for wireless connectivity to the corporate network, consider installing extra protection. Reconfiguring or installing a firewall at the points where a PDA might upload or download information is critical. As part of a multi-layered security approach, make sure your employees know that storing user names and passwords on their mobile devices is prohibited. An occasional audit of handheld devices will help keep people on their toes.

7. Define standard security software. It is critical that security policies are enforced through security software that mandates appropriate security settings. A range of security solutions is available that will enable you to establish and enforce security policies on your employees' mobile devices.

Obviously, not doing anything is not the solution. If you have just one staff member currently storing confidential information on a handheld device, your company is at risk. PDAs are in your organization because they are unique in being able to make decision-making data available anytime and anywhere. However, convenience and efficiency must be available within a paradigm that does not unduly put valuable corporate assets at risk. There are simple and low-cost steps an organization can take to protect the corporation. At a minimum, you should immediately take steps to safeguard the information on your own PDA. For additional information on this subject, you can visit www.pdasecurity-book.com. If there are other items that you think should have made our "top 10 list," feel free to email the author at bob.elfanbaum@asolutions.com.

About the Authors:
Bob Elfanbaum is CEO of Asynchrony Solutions, Inc., the developer of PDA Defense security software (www.pdadefense.com). Bob is also co-author of "PDA Security: Incorporating Handhelds Into the Enterprise," published by McGraw-Hill and available at fine bookstores everywhere.

Mark Dinman has served as the product manager of Asynchrony Solutions' PDA Defense product since its inception.
