According to a survey on ‘Removable Media in the Workplace’, companies’ information security expenditure could still all be for nothing as they continue to turn a blind eye to the threat of removable media. The research, conducted by mobile security specialists Pointsec, shows that removable media devices such as media players, memory sticks and USB flash drives are now routinely used by a huge number of employees in the vast majority of businesses, but with little regard to the security threat they pose.
A staggering two-thirds of IT professionals who use removable media themselves at work admitted that they did not protect them with encryption even though they are aware of the associated dangers.
Most IT security policies are written by the IT department. Yet when quizzed on the security risks, 65 percent of IT professionals knew removable media were a potential security time-bomb, while 66 percent admitted to neglecting to include mobile devices in their current security policies.
The survey highlights that a large number of organisations have yet to address the problem of removable media. With removable media plummeting in price, memory capacity soaring and more people using them at work, companies need to be aware of how easy it is for staff to use them, lose them or take competitive information away on them, all in the palm of their hands. If lost or stolen, vast amounts of valuable company information could seriously expose a company to extortion, digital identity fraud, or damage to their reputation, integrity and brand.
Some of the headline statistics from the survey, conducted amongst 248 IT professionals during Infosecurity Europe 2006, reveal that:
* Twelve percent of organisations ban the use of removable media devices in the workplace.
* On average 56 percent of employees are downloading corporate information onto their memory sticks, compared with 31 percent last year.
* Only around 21 percent of removable devices in the workplace are secured with passwords or encryption.
* 65 percent of those surveyed were aware of the potential danger that removable media presents.
* 4 percent of the IT professionals interviewed felt that the best form of defence against loss or theft was to keep the device in their pocket and one chap slept with his USB stick around his neck to keep it safe and sound!
The most popular use of memory sticks is to store corporate data such as contracts, proposals and other business documents, with customer information coming in a close second. Twenty-two percent used them to store their customers’ names and addresses, with others using them to store presentations, budgets and other documents. One respondent used his memory stick to store his hacking tools while 3 percent found them useful to store passwords and bank account details! Seventy percent used them for downloading music files.
Martin Allen, managing director of Pointsec UK said “It is no surprise that we’ve seen such an explosive use of removable media in the workplace as they are convenient, cheap and easy to use. However, if not properly managed and controlled they can become a potential security timebomb.”
“Our advice is to introduce strict guidelines on the use of removable media devices in the workplace, and invest in encryption software which will allow administrators to force the encryption of all data put onto a mobile device. Companies will soon realize that this type of software is just as vital and inexpensive as using anti-virus software.”
The proliferation of high-capacity media players and USB flash drives on the market makes it possible to save anything up to 100GB of information on one. This means an employee could download 8 million documents of valuable data onto what appears at first sight to be just an entertainment tool. USB pen drives and USB memory sticks can now store 8GB, which equates to around a million documents.
To secure your company against the security implications associated with removable media and mobile devices, Pointsec recommend that you:
1. Deploy user mobile guidelines or ensure that your corporate IT security policy includes corporate directives that state the importance of proper handling of mobile devices such as removable media.
2. Ensure that all members of staff are aware that their employer does not allow non-company devices to be used within the company network.
3. Use encryption software which enables centralised policy enforcement of strong encryption of all data stored on mobile devices and removable media.
4. Use policies to control the number of login attempts that people may use to try to get at information they shouldn’t.
5. Have methods in place which enable encrypted data to be decrypted in a controlled way outside the corporate network.
6. Make the encryption process transparent and quick for the user, so that it does not interfere with their work or put any extra requirements on the user.
7. Have methods (independent of the end user) which enable decryption of all encrypted data within the company network.
Preventing people from bringing removable media devices into the office is an extremely difficult problem. However, although they are fun and convenient, they are very easy to lose or abuse and are therefore a real security threat. If companies are to avoid breaching legislation such as Sarbanes-Oxley and the UK Data Protection Act, they need to get to grips rapidly with the risks associated with removable media and protect themselves against these threats.
www.pointsec.com

• Date: 16th June 2006 • Region: UK/World • Type: Article • Topic: ISM