Survey: Increasing Usage Of USB Drives Leaves Corporate Information At Risk

An online survey has found that USB flash drive ownership has exploded with 100 percent of the 229 respondents having at least one such device -- 54 percent possessing between 3 and 6 -- and more than 21 percent owning as many as 10 or more.

While good news for vendors of these must-have items, the news may not be so welcome for security and compliance teams tasked with protecting the sensitive data residing on these omnipresent devices. With more than 85 percent of respondents confirming that their company allows the use of these removable media devices (and with many of those working where USB drives are banned confirming that they use them anyway), it is very concerning that more than half of the respondents confirmed their USBs were not encrypted, leaving the corporate information on them completely vulnerable if borrowed, lost or stolen.

Conducted by CREDANT Technologies, the survey found that the majority of people (68 percent) share their USBs with family, colleagues or friends, often leaving any sensitive data exposed and in jeopardy. Fifty-two percent of the sample couldn’t even remember what they had saved on their device which is worrying as 20 percent never delete the corporate data stored, even when they no longer require it. Even more alarming is the fact that 34 percent admitting they don’t know, at any given time, where all their USB devices are.

Unsurprisingly some respondents (almost 10 percent) admitted they had lost a USB device containing corporate data, yet fully 76 percent never reported the loss to their bosses. If it were discovered that adequate measures had not been taken to protect sensitive information, for example securing the data with encryption technology, these companies could be deemed to have breached one or more of the many data protection laws and regulations in place internationally, subjecting them to potentially heavy fines, expensive breach notification costs and significant negative publicity.

“Companies are spending millions on their security and it could all be in vain if they fail to close this basic area of vulnerability,” said Bob Heard, CREDANT’s CEO and founder. “If they have a workforce that are using USB storage media, blissfully unaware of the potential mayhem that these ubiquitous devices could potentially cause, no matter how much is spent the enterprise will never be secure. These small USB sticks can be, and often are, easily lost or stolen, thus leaving data, and those responsible for protecting that data, vulnerable.”

Another discovery of the study is that the increasing use of USB flash drives is just the tip of the iceberg, as 37 percent of the sample admitted to synchronising their iPhones, smartphones and iPods with their work devices. This practice potentially exposes their companies to a multitude of data risks and network disasters.

“Many organisations are either failing to take the problem seriously or to implement and enforce the right security, work practices and education for their users to address this problem,” Heard said. “Unsecured data on removable media is a significant and growing concern and organizations need to start planning now on how to close this vulnerability before they suffer a very expensive, and embarrassing breach.”

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3