T 5.124 Misuse of information on portable terminal devices

Portable terminal devices easily get lost and may be stolen easily (see also T 5.22 Theft of a mobile IT system). The smaller and more popular such devices are, the higher the risk of them being stolen. In addition to the loss of the media or device, further damage may be caused by the loss and/or disclosure of important data. In many cases this indirect damage is significantly more severe than the mere material loss of the device.

Examples:

• Data such as meeting notes or addresses stored to the PDA may well be of a confidential nature. Losing this device then may result in this stored information being disclosed.
• Many portable terminal devices have security mechanisms designed to protect them against unauthorised access. However, these security mechanisms are often designed too weakly, which is why attackers may overcome these easily. Even if they are present, they are often not used for reasons of convenience and so the confidential data is not protected at all in the event of loss.
• Portable terminal devices often contain access data to other IT systems or the LAN of the government agency and/or company. If an unauthorised person gets hold of a laptop or PDA with (static) access IDs, abusive access to internal data is possible
• With PDAs with integrated mobile phone (smartphones), a dishonest finder or thief may use the phone at the owner's expense if he/she knows the PIN, if the PIN can be guessed easily, or if the security mechanisms of the device can be overcome easily.
• Many PDAs and laptops are equipped with interfaces for using removable data media such as memory cards or USB tokens, for example. An unattended PDA or laptop with the corresponding hardware and software entails the risk of these data media being used in order to copy large amounts of data quickly. This does not even leave any traces.