Organizations still fail to control USB devices

A survey has found that USB Flash drive ownership has exploded with 100% of the 229 respondents having at least one such device and more than 21% owning as many as 10 or more.

While good news for vendors of these must-have items, the news may not be so welcome for security and compliance teams tasked with protecting the sensitive data residing on these omnipresent devices.

With over 85% of respondents confirming that their company allows the use of these removable media devices (and with many of those working where USB drives are banned confirming that they use them anyway), it is very concerning that more than half of the respondents confirmed their USBs were not encrypted, leaving the corporate information on them completely vulnerable if borrowed, lost or stolen.

Conducted by CREDANT Technologies, the survey found that the majority of people (68%) share their USBs with family, colleagues or friends, often leaving any sensitive data exposed and in jeopardy. 52% of the sample couldn’t even remember what they had saved on their device which is worrying as 20% never delete the corporate data stored, even when they no longer require it.

Even more alarming is the fact that 34% admitting they don’t know, at any given time, where all their USB devices are.

Unsurprisingly some respondents (almost 10%) admitted they had lost a USB device containing corporate data, yet fully 76% never reported the loss to their bosses. If it were discovered that adequate measures had not been taken to protect sensitive information, for example securing the data with encryption technology, these companies could be deemed to have breached one or more of the many data protection laws and regulations in place internationally, subjecting them to potentially heavy fines, expensive breach notification costs and significant negative publicity.

Bob Heard, CREDANT’s CEO believes, “Companies are spending millions on their security and it could all be in vain if they fail to close this basic area of vulnerability. If they have a workforce that are using USB storage media, blissfully unaware of the potential mayhem that these ubiquitous devices could potentially cause, no matter how much is spent the enterprise will never be secure. These small USB sticks can be, and often are, easily lost or stolen, thus leaving data, and those responsible for protecting that data, vulnerable.”

Another discovery of the study is that the increasing use of USB flash drives is just the tip of the iceberg, as 37% of the sample admitted to synchronising their iPhones, smartphones and iPods with their work devices. This practice potentially exposes their companies to a multitude of data risks and network disasters.