As this document illustrates, there is a serious problem with regard to sensitive information and the handheld device. The following provides several suggestions as to how you can mitigate the risks we discussed.
Password Protect Your Device
Windows Mobile comes with a password protection feature that will lock the device to unauthorized users. There are also third party vendors who provide a lock and wipe program that incorporates password protection with a memory wipe feature if the wrong password is used. However, it is important to note that a logon will not protect the data on external memory cards.
All sensitive data must be secure using a known and proven encryption scheme/program. This is especially important for external media cards often used in PDA's. It only takes a second to remove a card from a PDA. We recommend you inquire as to the encryption scheme used. Windows Mobile includes a MS Crypto API that has so far proven to be solid. While there could be others, programs that use this API are probably going to be secure.
Given the statistics, it is recommended that PDA users limit the amount and type of data found on a device. Store files on different media cards, based on their function and only carry them with you when they are needed. By combining preventative security actions with reactive security fail safes (i.e. data wiping password programs), you can mitigate the security dangers even if the device is lost.
Use Computer Security Common Sense
The PDA is a handheld computer and should be treated as one. Do not download and execute untrusted software, use antivirus programs to scan/protect your device regularly, use a strong password and change it regularly, and disable unwanted services like Bluetooth. In short, employ the same precautions you would apply to your PC usage.