Imation revealed the results of a recent survey of 302 IT decision makers in the US and Canada, which say that 37 percent of them reported that their business had unintentionally exposed corporate data through theft or loss of removable devices in the past two years.
Despite this, only 34 percent enforce encryption on all removable devices allowed on their networks (25 percent in the U.S. and 51 percent in Canada).
Other key findings from the survey include:
- 91 percent of companies allow removable storage devices on their corporate networks, including USB flash drives, smartphones (e.g., iPhones and Android devices), tablets (e.g., iPads and Android tablets) and optical media.
- While 81 percent of businesses have a policy regarding encryption of corporate data on employees’ own removable storage devices, nearly two-thirds of businesses report not enforcing encryption on those devices. Twelve percent leave it to the user to enforce encryption.
- 20 percent of businesses report not having a defined action plan to deal with a data breach, nor do they have intentions to draft one.
Furthermore, additional research has shown that more than 50 percent of employees use portable devices to take confidential data out of their business daily. And, according to a Ponemon Institute study, 75 percent of organizations have suffered data loss from negligent or malicious insiders.
“While most of the world’s enterprises are focused on protecting their networks from external threats from malware and hackers, the bigger risk for a data breach appears to be inside the organization. Workers are moving mass volumes of data on unsecured devices, often their own iPhones and flash drives, out of the network every day, and this makes businesses vulnerable to loss or theft of corporate or customer data,” said Lawrence Reusing, general manager, Mobile Security for Imation. “As the research illuminates, most organizations do not have a handle on the devices and data that can walk out their door every day.”
Imation offers the following best practices to protect your organization from data loss or theft:
1. Establish systems, policies and standards for new devices you bring into the workplace:
- All removable media and mobile devices should be encrypted.
- Implement centralized management of removable storage devices, including “remote kill” – disabling the device when it is connected to the internet – when possible.
- Implement audit and compliance controls so you know what is on those devices.
2. Employ solutions on the market that are available for managing and encrypting the removable storage devices that you already have in the organization.