Removable data storage media is an interesting subject. Tektronix latest introduction, the MSO/DPO5000 boasts a 2.5in 160Gbyte removable hard disk drive which the maker was keen to stress can be locked into the instrument.
I can remember the days of five and a quarter inch floppies and having to do tape back up every evening but now it seems that the USB drive has become ubiquitous. And this is becoming a security concern.
An online survey has found that USB flash drive ownership has exploded with 100 percent of the 229 respondents having at least one such device – 54 percent possessing between 3 and 6 – and more than 21 percent owning as many as 10 or more.
While good news for vendors of these must-have items, the news may not be so welcome for security and compliance teams tasked with protecting the sensitive data residing on these omnipresent devices. With over 85 percent of respondents confirming that their company allows the use of these removable media devices (and with many of those working where USB drives are banned confirming that they use them anyway), it is very concerning that more than half of the respondents confirmed their USBs were not encrypted, leaving the corporate information on them completely vulnerable if borrowed, lost or stolen!
Conducted by data protection specialists, Credant Technologies, the survey found that the majority of people (68 percent) share their USBs with family, colleagues or friends, often leaving any sensitive data exposed and in jeopardy. 52 percent of the sample couldn’t even remember what they had saved on their device which is worrying as 20 percent never delete the corporate data stored, even when they no longer require it. Even more alarming is the fact that 34 percent admitting they don’t know, at any given time, where all their USB devices are.
Unsurprisingly some respondents (almost 10 percent) admitted they had lost a USB device containing corporate data, yet fully 76 percent never reported the loss to their bosses. If it were discovered that adequate measures had not been taken to protect sensitive information, for example securing the data with encryption technology, these companies could be deemed to have breached one or more of the many data protection laws and regulations in place internationally, subjecting them to potentially heavy fines, expensive breach notification costs and significant negative publicity.
“Companies are spending millions on their security and it could all be in vain if they fail to close this basic area of vulnerability,” said Bob Heard, Credant’s chief executive officer and founder. “If they have a workforce that are using USB storage media, blissfully unaware of the potential mayhem that these ubiquitous devices could potentially cause, no matter how much is spent the enterprise will never be secure. These small USB sticks can be, and often are, easily lost or stolen, thus leaving data, and those responsible for protecting that data, vulnerable.”
The survey results can be viewed here.