Out-Law News 2 min. read
14 Jun 2005, 1:06 am
The use of USB-connected devices such as memory keys and flash drives is rising in the workplace, and companies need to be aware of how easy it is for staff to use them, lose them or take competitive information away on them, says Pointsec.
An employee's iPod could be used to download large volumes of sensitive data from the corporate network or to introduce viruses, worms or other malware when transferring data from a home PC to a work PC.
The company also warns that if the devices are lost or stolen, vast amounts of valuable company information could seriously expose a company to extortion, digital identity fraud, or damage to its reputation.
Pointsec’s survey of 300 UKIT professionals found that on average 31% of employees within a company are using the devices in the office, while in a third of companies, removable media is being used without authorisation.
Two-thirds of IT professionals who used the devices at work admitted that they did not protect them with encryption even though they were aware of the associated dangers. In fact, 90% of those surveyed were aware of the potential danger presented by removable media, but 41% did not know how easy it is to protect the data contained on the devices.
“There seems little point in companies spending vast sums of money on information security if at the same time they’re letting their staff use these devices at work which allow them unhindered access to download vast quantities of sensitive company information,” said Martin Allen, Managing Director of Pointsec UK.
“Organisations need to introduce strict guidelines on the use of removable media devices in the workplace, as well as investing in encryption software which will allow administrators to force the encryption of all data put onto a mobile device,” he continued. “Using this type of software is just as vital and inexpensive as using anti-virus software, yet only a fraction of organisations have woken up to the problem.”
Pointsec recommends that companies: