Forty per cent of businesses feel they do not secure handheld devices to the level they secure laptops, according to new research from Orange and the analyst house Quocirca, which surveyed 2,853 IT professionals. As increasingly powerful handheld devices store more critical data, businesses are leaving themselves open to a new source of security risk, the research argues.

"We found that increasing numbers of PDAs and advanced mobile phones are being used in business, but the measures organisations take to secure the data stored and accessed by these devices are often inadequate. The issue is compounded by the insufficient levels of technical support and training given to users," said Rob Bamforth, Principal Analyst, Quocirca.

The research shows that IT managers acknowledge the threat. They have more concern over loss, damage and unauthorised use of devices compared to security risk at a network level, as the highly mobile nature of handheld devices makes them easier to lose or steal. Yet, usually due to the lack of centralised management, mobile devices are often unprotected. Conversely, as service providers embrace encryption technology and virtual private networks (VPNs), the majority of security concerns are less related to technology and more to human factors.

"Security in mobile working has now evolved to a point where all the risks are manageable - it should not be an impediment to adoption. To properly address concerns regarding mobile security, businesses must embrace mobile technology and proactively manage security as it does with other parts of IT infrastructure. It is disturbing to think that the vast majority of mobile device users have not even guarded against unauthorised access by applying a straightforward password," said Clive Richardson, head of product development, Orange Business Solutions.

Orange customer Coventry University Enterprises Ltd takes security very seriously. All laptops are connected to the central system via a virtual private network (VPN). Cisco's firewall technology is deployed and encryption used for sending data from laptops. The C500s used by employees have 128-bit secure socket layer encryption and a secure password policy has been rolled out for accessing data from mobile devices. All mobile workers are fully trained, and have a formal mobile working policy to adhere to.

Security requirements are as individual as companies, but there are some common guidelines that companies can follow. These include setting parameters on what information can be stored, accessed and transferred by mobile devices, frequently backing up devices and ensuring strong user and device authentication for all mobile devices. Orange smartphone devices, which include the SPV C500, SPV M1000, SPV M2000 and the Treo 650, all come with back up and authentication functions. In addition, the Orange network has been awarded the BS7799 security accreditation, the most widely recognised security standard in the world.