Memory sticks security risk fear

Items such as media players, memory sticks and USB flash drives were now routinely used by a huge number of employees in the vast majority of UK businesses, but with little regard to the security threat they pose according to Pointsec

Their survey showed that two-thirds of IT professionals who used removable media themselves at work admitted to not protecting them with encryption, even though they were aware of the associated dangers.

Most IT security policies were written by IT departments, yet when quizzed on the security risks 65% of IT professionals knew they were a potential security time-bomb and two-thirds (66%) admitted to neglecting to include mobile devices in their current security policies.

If lost or stolen, vast amounts of valuable company information could seriously expose a company to extortion, digital identity fraud, or damage to their reputation, integrity and brand, said Pointsec.

Massive risk

Twelve percent of organizations had banned the use of removable media devices in the workplace altogether because of the risk to security. However their use was still on the increase with 56% of employees downloading corporate information onto their memory sticks, compared with 31% last year.

Only around 21% of removable devices in the workplace were secured with passwords or encryption.

The most popular use of memory sticks was to store corporate data such as contracts, proposals and other business documents, with customer information coming in a close second. Twenty two percent used them to store their customers' names and addresses, with others using them to store presentations, budgets and other documents.

Pointsec recommended that businesses issue strict guidelines on the use of memory sticks, including the importance of proper handling of mobile devices such as removable media. Non-company devices should be forbidden and encryption software used at all times.

'Strict guidelines'

Preventing people bringing removable media devices into the office was an "extremely difficult problem" according to Pointsec.

The mobile security specialists added that if companies were to prevent breaking legislation such as the Data Protection Act, Basel 2 and Sarbanes Oxley, they needed to "rapidly get to grips" with the risks associated with removable media and protect themselves.

Martin Allen, Managing Director of Pointsec UK said: "Our advice is to introduce strict guidelines on the use of removable media devices in the workplace, and invest in encryption software which will allow administrators to force the encryption of all data put onto a mobile device.

"Companies will soon realise that this type of software is just as vital and inexpensive as using anti-virus software."