Picture yourself in a critical business meeting with the most important movers and shakers in the company. You're called on for a final project delivery date, reach for your trusty Palm handheld...and it's gone!!

This may not happen to you, though the more important question is, what plans have you made should it happen? Buying new hardware and syncing data to a new handheld is easy; in fact this might be considered one of the Palm's greatest strengths. However, the scary part of losing your handheld is what happens the information it carries? Your friends, family, spouse and kids contact information? Your daily schedule, project data and client list? Credit card and PIN numbers hidden in so-called 'private' memos?

These are questions you should consider long *before* you lose your Palm handheld and the information it carries. In this month's feature article, I'll share my ideas on protecting your Palm's data and offer links to tools to help secure and protect your handheld.

Security Again? -- Actually, this topic was addressed in the February 2000 Palm Tipsheet 5.0 article "Special Feature: Palm Security":

http://www.palmtipsheet.com/html.texts/tipsht05.html

So, why follow up on a detailed security article? First, I know many readers are new users and may not be aware of how insecure their handheld might be. I'm trying my best to warn them to prepare for the worst *before* it occurs.

Secondly, I've recently read a report by Kingpin of the security firm @Stake, Inc. which details developer's backdoor entry points and security holes of Palm handhelds running OS 3.5.2 and earlier. I was reminded how many professionals use Palm handhelds to store sensitive data without understanding the security risks they may be taking.

http://www.atstake.com/research/advisories/2001/a030101-1.txt
http://www.atstake.com/research/advisories/2000/a092600-1.txt

Finally, my brother lost his Palm III at a restaurant last month, which has still not been found. This reality check hit close to home, reminding me how easily my Visor could be lost or stolen. I was challenged to review my security plans and adjust how I protect my handheld.

5 Steps to Better Security -- After reinforcing my Visor's protection I felt sharing my experience and ideas in the form of a feature article might be a benefit to you. I've boiled my ideas down to five steps; a simple process to consider for evaluating and updating your handheld's security.

Step 1: Limit Secure Information -- The easiest way to protect sensitive information is to not keep it on your handheld. Take time to consider how important each bit of data is and if it *really* belongs on your PDA. I do realize that while it's good to have a policy about what goes on your device, at some point you must decide which sensitive data is essential to carry. See the next four steps to help better protect this information.

Step 2: Protect Handheld Access -- Palm OS 3.5.2 and earlier provides a relatively weak password protection scheme which can be easily defeated. Your information can also be accessed on a desktop computer with any text editor (yes, even 'private' data) so you may want to consider a more powerful password access tool for your Palm Handheld and even consider securing your desktop computer. Palm OS 4.0 is said to address the security problems of 3.5.2, however OS 4.0 is new, and has not been fully tested.

For those still using Palm OS 3.5.2 or earlier, Daniel Seifert (creator of EasyLock) has created ShortFix. This free utility for removes offending developer's backdoor shortcuts cited in the @Stake security report:

ShortFix:

http://www.dseifert.com/shortfix/


Step 3: Encrypt Secure Information -- Limiting critical data may be impractical, and adding stronger password protection may still leave you feeling unprotected. If so, consider a strong encryption storage tool to protect your most critical data. Encrypted data could be cracked using a powerful computer, though most petty thieves will most likely not bother with strongly encrypted files in favor of selling your stolen handheld.

For more overall protection, consider a system level tool which encrypts your Palm's Address Book, Datebook, To-Do and Note Pad databases. Of course on-the-fly system-level encryption will slow your system's speed a bit but may be worth it for your peace of mind.

Step 4: Guard Your Handheld -- All these software protections are pointless if you aren't careful about guarding your handheld. Thefts of PDAs in public places are rising, so you must be vigilant about keeping your device close by. Some good practices are: never leave your device unattended, never leave it in your car or hotel room and be careful whom you accept beaming from. Consider turning off beam receive in your Palm's Prefs.

Professionals must be extra careful. Corporate and government high-tech theft is becoming much more common, so security measures are especially critical. While a remote scenario, a determined hacker
could install a text-capture utility on an unattended PDA, steal a device later and use passwords retrieved by the capture utility to access even encrypted data.

Step 5: Insure Your Handheld -- To protect against your handheld being lost, stolen or damaged, you may want to consider insuring your handheld. In many cases you may have the option to add coverage to an existing renterÕs or homeowner's insurance policy. This may be the least expensive option, though there may be limits to coverage (for instance, theft from an auto).

Alternately, dedicated PDA coverage may cover more loss scenarios. One such specialized service, PDAsLostOrStolen.com, insures 30 different PDAs and wireless modems against loss, theft or accidental damage. Prices range from $4 to $10 per month with $7.12 setup charge, and a $35-50 deductible.

http://www.PDAsLostOrStolen.com/

If you choose insurance, make sure you read the coverage and ask questions, so you know whatÕs covered and what isnÕt before making a claim.

Security Add-Ons -- We've covered five steps to protect your handheld; here's a brief selection of Palm OS software tools to consider:

System-Level Encryption Tools

-------------------------------------------

Jawz DataGator ($50 Professional, $40 Standard):
http://www.jawzinc.com/datagator/datagatorhomepage.htm

PDASecure ($50 Boxed, $40 Online):
http://www.TrustDigital.com/prod11.htm

Password Access Tools

--------------------------------

Commander & Commander Lite ($15 & $11):
http://www.palmation.com/software/commander/
http://www.palmation.com/software/commanderlite/

EasyLock & ShortFix ($5 & Freeware):
http://www.dseifert.com/easylock/
http://www.dseifert.com/shortfix/

OnlyMe ($10):
http://www.tranzoa.com/onlyme/onlyme.htm

PadlockHack & Padlock Plus (Freeware & $5):
http://ourworld.compuserve.com/homepages/mcdan/padlockhack.html

PDABomb ($30):
http://www.PDABomb.com/about.html

Sign-On ($20):
http://www.cic.com/products/signon/

TealLock ($17):
http://www.tealpoint.com/softlock.htm

Strong Encryption Storage Tools

-----------------------------------------------

CryptoPad (Freeware MemoPad Replacement):
http://www.multimania.com/mlabelle/

eWallet ($30):
http://www.iliumsoft.com/walletp.htm

LockBox (Freeware):
http://www.codecubed.com/lockbox/

Password Store ($15):
http://www.standalone.com/palmos/password_store/

PasswordWallet ($12):
http://www.selznick.com/products/passwordwallet/palm.htm

Safe ($10):
http://palm.pair.com/palmsafe.html

Secret ($19):
http://linkesoft.com/english/secret/

Web Confidential ($20):
http://www.web-confidential.com/

There are more tools than I can possibly list here; check PalmTracker, PalmGear and Handango to for many more security software tools:

http://www.palmtracker.com/
http://www.palmgear.com/
http://www.handango.com/

Good Reading on Handheld Security

---------------------------------------------------

Smaller.com -- Protect Your PDA:
http://www.smaller.com/article.cfm?id=2242

ZDNet -- Secure Your PDA:
http://www.zdnet.com/zdhelp/stories/main/0,5594,2403097,00.html

ComputerWorld -- Walking Disasters:
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO46867,00.html

Net.Worker News -- Keeping a Leash on your PDA's Data:
http://www.nwfusion.com/net.worker/news/2001/0209pdas.html

VNUNet -- Crackers can zap data off Palm Pilots:
http://www.vnunet.com/News/1116644

SC Info Security Magazine -- Within Your Grasp:
http://www.scmagazine.com/scmagazine/2000_05/survey/survey.html

Conclusion -- I sincerely hope this article draws attention to your own handheld's state of security. Whatever measures you consider adopting, take time *now* to implement them, so you won't have an awful experience later.