Why You Shouldn't Let Your Employees Use USB Devices In A Workplace

By SpiderGuest

2 December 2010

Well news came through earlier this week that the Information Commissioner Office (ICO) is giving companies a fixed penalty in terms of a quite significant fine for data breaches. We heard from sources that on the 24th of November 2010, Sheffield based employment services company A4e receive a fine of £60,000 for having a laptop stolen which contained unencrypted details of over 20,000 people and really who can blame them for being fined.

News has now come through of an online survey which found that USB Flash sticks ownerships has grown to 100% of the 299 respondents have at least on such device, 54% of the questioners have between 3-6 and 21% of the questioners having as many as 10 or more.

Now this isn’t anything shocking – at the moment. It just says that for vendors like Kingston that sales must be pretty good. The thing which isn’t nice and definitely isn’t welcome is the work required by the security and compliance teams tasked with protecting the sensitive data held on these devices.

Out of the 299 respondents of the questionnaire, over 85% of them confirmed that their company allows them the use of removable plug and play media devices – and some respondents even confirmed that they still used a USB device even if it was prohibited from their company premises. Now just to recap the security levels of a USB stick – they have no authentication and don’t require a password which is why they are called plug and play (unless you have a USB device such as a U3 by Cruzer) and prohibited from most company premises for file transfer; this is because device could be vulnerable to falling into the hands of the wrong person, misplaced or even stolen.

The company which conducted the survey, Credant Technologies found that the majority of people (68%) share their USB device’s with their family, colleagues or friends which can leave confidential and sensitive information available to be exposed or compromised.

Not only this but the survey unveiled that an astonishing 52% of people couldn’t even remember what they had saved onto their removable media device which is rather worrying and to put salt on the wound, 20% of the questioners never deleted the corporate data stored on their USB devices.

Alarm bells starting to ring now and I’m guessing you’re trying to rummage around to look for that old USB stick?

Well, 34% of them admitted that they didn’t know, at any given time where their USB device even was! 10% even said that they lost their USB device containing corporate data and out of that 10%, 76% never decided to report the loss of their USB device containing corporate information on to their boss or manager.

Bob Heard, Credant’s Chief Executive Officer (CEO) and founder said:  “Companies are spending millions on their security and it could all be in vain if they fail to close this basic area of vulnerability. If they have a workforce that are using USB storage media, blissfully unaware of the potential mayhem that these ubiquitous devices could potentially cause, no matter how much is spent the enterprise will never be secure. These small USB sticks can be, and often are, easily lost or stolen, thus leaving data, and those responsible for protecting that data, vulnerable..”

“Many organisations are either failing to take the problem seriously or to implement and enforce the right security, work practices and education for their users to address this problem. Unsecured data on removable media is a significant and growing concern and organizations need to start planning now on how to close this vulnerability before they suffer a very expensive, and embarrassing breach.”

Sync your iPhone with a work PC?

37% of the questioners admitted to synchronising their iPhones, smartphones or iPods with their work devices which has the potential of exposing the companies to a whole array of risks and disasters on the network.

Need to understand security risks within your company and eliminate the change of a data breech?

Speak to SpiderGroup or give us a tweet @SpiderGroupUK and we will happily get in contact with you and talk you through the necessary precautions and measures you need within your company to stop you from becoming a statistic.

-Via Tech Watch

For more information, call us on 0117 933 0570 or fill in our contact form and we’ll get back to you.

This site doesn't support mobile landscape mode.
Please rotate back to portrait mode.