.FLYINGHEAD PALMPILOT SECURITY
.TITLE Safeguarding your PalmPilot’s data
.OTHER
.SUMMARY What happens to your data if your PalmPilot is lost or stolen? In this very important article, Chris Guella explains what he went through when he lost his first PalmPilot, the lessons he learned, and how you can safeguard your data.
.AUTHOR Chris Guella
The PalmPilot is a wonderful, valuable, and extremely portable device, making it attractive to thieves. What happens if it gets lost or stolen? This article will show you how to safeguard your PalmPilot and valuable data.
.H1 The Story
A cool off-shore breeze swept over the sun-drenched beach and all of its occupants. I could hear the waves gently crashing against the shoreline. The frolicking voice of children filled the salty air. I was warmly nestled in the sand, life was good. Yes, a well-deserved vacation was in full swing. It was my curiosity that got the best of me, however, and I decided to explore the other sights of this dynamic seascape.
I packed a few things in my "fanny" pack and strapped it to my waist. I left behind my book, camera, backpack and Pilot 5000. I had owned the organizer for over a year. I looked around and observed two women who, I overheard, were in town to cheer for the Nebraska Cornhuskers in their national championship bid against the Tennessee Volunteers. Another group of guys and their girlfriends were settled only ten feet away. A family with three children lived only fifteen feet away. This was a little neighborhood. As safe as the street you or I grew up on.
As I departed my encampment I glanced at my backpack and its contents and decided to tuck it neatly under the lounge chair, hooking the shoulder strap under the leg. The purpose of hooking the strap was to thwart the attempts of a thief (if there could be any),or at least deter them, while they tried to figure out the puzzle. I started my journey and headed down the beach.
Upon return from my trek, only thirty minutes later, I found my things had been jostled and my towel had been moved. I knew immediately what had happened. My backpack was gone and so were the angelic families and youthful couples. Some new inhabitants had settled close by; but, when interviewed, none of them recalled any activity surrounding my backpack. Nobody saw a thing and my Pilot 5000, along with my backpack, camera and book, were gone forever. Clouds began looming over my head.
I took my remaining belongings and calmly headed back to my hotel. I then fruitlessly complained to the concierge, who cited anecdotes about others who had lost things. I knew there was nothing the concierge or anyone could do for me. I did the only thing I could. I retrieved my rental car, went to CompUSA, and bought a new PalmPilot Professional. I connected it to my IBM Thinkpad, hot-synched and was back in business within two hours – less three phone numbers I had collected that weekend. My new PalmPilot Professional had a back-lit screen, which was a nice improvement – making me feel a little bit brighter about my investment.
.H1 The Point
There are two points to this story. One, there is a little reminder about naivete and protecting personal belongings when vacationing. Second, the PalmPilot is an amazing tool that allows you to easily retrieve information. It has built-in redundancy that will save you a great deal of trouble during times of crisis. I could have lost or broken my PalmPilot just as easily as having it stolen and the subsequent lessons would remain the same.
What irks me the most, though, is that someone has all of my information. Due to this experience and subsequent analysis, I learned a number of things that may help you prevent the loss of sensitive data, limit your exposure, and help you protect and recover your information. And maybe keep the cost of your vacation down.
.H1 The Lessons
After hot-synching my new PalmPilot, I searched the unit record-by-record for items that represented a security risk such as credit card numbers, log-ins, PINs (Personal Identification Numbers), account numbers, etc. I did find a number of sensitive records, unprotected and very easy for the thief to read! I was now vulnerable and had to cancel some accounts and change some IDs.
.H1 Protecting your data
What I learned was that to protect your PalmPilot data, you should rank your information and place it into three categories:
.BEGIN_STEPS
.STEP General data: Names and addresses, general information, directions, day to day To Do items, etc. It doesn’t matter if this kind of information is viewed by others.
.STEP Private data: Doctor information, personal medical information, etc. This is information you would probably prefer not be viewed by others, but has no financial value.
.STEP Security data: PINs, account numbers, passwords, login IDs, etc. This critical information could be costly to lose and should be password protected and encrypted.
.END_STEPS
Protecting your data after categorizing it in this manner requires a three-pronged approach and will cost around $30. Well worth the investment for peace of mind!
.H1 General data
General data could be considered anything that would not be too harmful to you, no matter who got it. Even so, you would rather not let anyone have it. Since you probably keep all personal and business contacts, appointments, and To Dos in your PalmPilot, this information is inherently valuable. This type of data will require protection that will disable access to the PalmPilot should it be lost or stolen. To protect your data in this manner you should install a program called Check-In. Check-In is a security application for the 3Com Pilot or PalmPilot. When combined with PowerHack, it can automatically secure the PalmPilot device, password-protecting your data, and provide contact details (and even offering a reward-a good idea) to aid a safe return should the machine get lost or stolen.
Check-In displays the current time, date, and contact information. It also provides several configurable options, including one to set a ‘grace period’, after which the PalmPilot is password-secured. There is also an option to display entered passwords in either plain text, or as asterisks, and an option to switch to a user-defined application every time the PalmPilot is turned on. These features make the Check-In program a must have. Check-In’s security options range from displaying a simple welcome screen, to fully locking the PalmPilot every time it is powered off, providing the flexibility to suit your individual needs.
.H1 Private data
Private data could be personally harmful but not financially harmful for you if viewed by others. By using a built-in feature of the Palm OS, this type of data may be protected by setting a password and using the Hide Records option built in to your PalmPilot’s OS. This may be done by tapping the Applications silk screen and selecting the Security icon. By assigning a password you will then be able to have records that you may mark Private when editing. You do this by selecting Edit, Details, then Private. The problem with this technique is that if your PalmPilot is lost, the person finding your PalmPilot could have the ability to hot-synch and then look at your private records in a text editor, so it is not a highly secure means to protect your data. Keep this in mind when you are assigning private records: someone could read them if they were sophisticated enough to use HotSync and a text editor. If you have set a password in this manner, hot-synching to a computer that is not "yours" should require a password, however, different versions of the desktop software do not have this feature.
In addition, you should also install a program called SafeHack, a "Hack" that automatically turns the "Show Private Records" option to "Hide" every time you turn on the PalmPilot device. That way if you forget to "Hide" private records and someone else picks up your PalmPilot and turns it on they will not be able to view your private data. This is an added level of protection that takes away the human error.
.H1 Security Data
Security data requires the highest level of protection called encryption. This will prevent even sophisticated hackers from being able to view your most critical data. Your PalmPilot OS does not include this level of protection. To achieve this level of security you must install a third party program called Mobile Account Manager (MAM). MAM, shown in Figure A, resides on your PalmPilot and actually encrypts data stored in its database using a proprietary encryption methodology. This data may be replicated, for redundancy, and is protected by a password, making it virtually impossible to view information such as frequent flyer IDs, credit card numbers, PINs, or login IDs. This program is a must if you are planning to keep this type of information on your PalmPilot. Of course, not putting this sensitive data on your PalmPilot is another option.
.FIG A MAM resides on your PalmPilot and encrypts data stored in its database using a proprietary encryption methodology.
Mobile Account Manager by Mobile Generation Software has a free trial version on their website that can be purchased after trial and activated by passcode for $19.95. Go to their site (see the ad below) for trial version and purchase options.
One final note. HotSync often. If you do not own a PC, find someone you trust who does and HotSync as often as possible. Make it a habit. Have someone make a diskette copy for you, or create your own, and keep it in a safe place away from your PC and PalmPilot as an added level of redundancy. You will never know how much you need or miss your PalmPilot until you do not have it. Take it from someone who learned a valuable lesson and recovered safely with only a few mistakes and a little sunburn.
.BEGIN_SIDEBAR
.H1 Product availability
Mobile Account Manager (MAM) is available at http://www.mobilegeneration.com
Check-In is available at http://www.pilotgear.com
SafeHack is freeware by Water Lou and is available at http://www.pilotgear.com and http://www.pilotzone.com
.END_SIDEBAR
.BIO Chris Guella is a management and strategy consultant for financial institutions with American Management Systems, Inc. He may be reached at cguella@usa.net.
.DISCUSS http://www.component-net.com/webx?13@@.ee6ba36
