With PDAs now firmly entrenched within the corporate environment, many individuals and businesses are not properly securing the devices, which often contain details about customers and clients, as well as sensitive company information.

The mobile vulnerability survey 2004, commissioned by Pointsec Mobile Technologies and Infosecurity Europe, found that even though almost half of PDAs are used to send and receive corporate email and two thirds store client details, most do not use any form of encryption to help protect the data.

A third of users did not even have password protection on their devices.

While more than half of businesses now have a corporate policy relating to the proper use of PDAs - an all-time high figure - policies are not being enforced and business users are leaving corporate data highly exposed, the survey found. 'Clearly many companies are misjudging, or are perhaps just totally unaware of the amount of valuable information stored on personal and business mobile devices,' said Magnus Ahlberg, the managing director of Pointsec Mobile Technologies.

'Companies should ensure they have a mobile security policy and that all data is protected by centrally managed encryption and password protection,' he said.

Just last month a virus was created that allowed hackers to take over PDAs running Microsoft's Pocket PC operating system, antivirus company Kaspersky Labs warned. It was thought to be the work of a Russian hacker who is trying to sell it for use by spammers or hacking groups. It affects all versions of Pocket PC.