Survey: Increasing Usage Of USB Drives Leaves Corporate Information At Risk
An online survey has found that USB flash drive ownership has exploded with 100 percent of the 229 respondents having at least one such device -- 54 percent possessing between 3 and 6 -- and more than 21 percent owning as many as 10 or more.
While good news for vendors of these must-have items, the news may not be so welcome for security and compliance teams tasked with protecting the sensitive data residing on these omnipresent devices. With more than 85 percent of respondents confirming that their company allows the use of these removable media devices (and with many of those working where USB drives are banned confirming that they use them anyway), it is very concerning that more than half of the respondents confirmed their USBs were not encrypted, leaving the corporate information on them completely vulnerable if borrowed, lost or stolen.
Conducted by CREDANT Technologies, the survey found that the majority of people (68 percent) share their USBs with family, colleagues or friends, often leaving any sensitive data exposed and in jeopardy. Fifty-two percent of the sample couldn’t even remember what they had saved on their device which is worrying as 20 percent never delete the corporate data stored, even when they no longer require it. Even more alarming is the fact that 34 percent admitting they don’t know, at any given time, where all their USB devices are.
Unsurprisingly some respondents (almost 10 percent) admitted they had lost a USB device containing corporate data, yet fully 76 percent never reported the loss to their bosses. If it were discovered that adequate measures had not been taken to protect sensitive information, for example securing the data with encryption technology, these companies could be deemed to have breached one or more of the many data protection laws and regulations in place internationally, subjecting them to potentially heavy fines, expensive breach notification costs and significant negative publicity.
“Companies are spending millions on their security and it could all be in vain if they fail to close this basic area of vulnerability,” said Bob Heard, CREDANT’s CEO and founder. “If they have a workforce that are using USB storage media, blissfully unaware of the potential mayhem that these ubiquitous devices could potentially cause, no matter how much is spent the enterprise will never be secure. These small USB sticks can be, and often are, easily lost or stolen, thus leaving data, and those responsible for protecting that data, vulnerable.”
Another discovery of the study is that the increasing use of USB flash drives is just the tip of the iceberg, as 37 percent of the sample admitted to synchronising their iPhones, smartphones and iPods with their work devices. This practice potentially exposes their companies to a multitude of data risks and network disasters.
“Many organisations are either failing to take the problem seriously or to implement and enforce the right security, work practices and education for their users to address this problem,” Heard said. “Unsecured data on removable media is a significant and growing concern and organizations need to start planning now on how to close this vulnerability before they suffer a very expensive, and embarrassing breach.”