Plug and pay! How you can improve your portable data security to prevent costly breaches
They may be small, but their potential to create security scandals is huge. So why do so many businesses still allow their staff to use unencrypted USB drives to transport vital company information? It flies in the face of all the horror stories constantly making headlines throughout Europe. Barely a week goes by without an organisation or public sector body being hauled over the coals and publicly humiliated due to a ?lost USB stick? containing sensitive unprotected data.
In many ways, the only surprising thing is that more of these cases don?t happen. A new survey commissioned by Kingston Technology and carried out by the Ponemon Institute shows a worryingly laissez faire approach to USB drive use among European organisations. Poor governance, user negligence, sub-standard USB products, a lack of encryption? the survey shows European businesses have fallen into disconcertingly bad habits when it comes to using USB drives. Through their research, Kingston technology has also seen similarities with businesses in the Middle East. Ponemon Institute conducts independent research on privacy, data protection and information security policy. Its goal is enable organizations in both the private and public sectors to have a clearer understanding of the trends in practices, perceptions and potential threats that will affect the collection, management and safeguarding of personal and confidential information about individuals and organizations.
The diminutive devices themselves are barely bigger than a little finger, so it?s also hardly surprising that they do go missing. But when they do, there are simple things that organisations can and should be doing now to limit the fallout and tighten their USB security policies.
Firstly, organisations should always provide their employees with approved high-quality USB drives that comply with accepted security standards for use in the workplace. These should feature 256-bit AES encryption and up-to-date security technologies.
It?s all very well handing out approved devices to staff, but organisations must then ensure the use of these drives is properly enforced. Which brings us on to the next line of defence ? businesses should be defining and implementing acceptable and unacceptable usage policies and running awareness programmes. Staff must be aware that they can?t use a USB drive casually picked up at a conference or meeting, and should only be using company-approved devices.
That more companies aren?t deploying usage policies appears to be down to a misconception concerning the costs involved. According to Kingston?s survey many organisations think that trying to control USB drive usage will impact their productivity and budgets. The reality is that secure, easy-to-use USB drive solutions and policies are relatively easy to deploy and regulate ? particularly when compared to the cost to businesses of security breaches.
Inherent in any usage policy should be a program of regular scans to detect viruses or malware on the devices. That USB drives are commonly used for transferring data or files from one computer to another means they are prime targets for all manner of infections. It makes it all the more worrying that 67% of organisations canvassed in Kingston?s survey said they had no technologies in place to prevent or detect viruses or malware on USB drives being used by their employees.
Malicious code can be used to steal personal data, confidential company documents or simply allow access to an infected system. There?s no end of damage that can be unleashed. The likes of ?write protect? functionality ensures some USB drives can?t be written to when inserted into an uncontrolled machine, but the devices themselves should still be regularly scanned for infections.
However, if there?s one thing that staff, urged on by their employers, should be doing when it comes to protecting their valuable data, it?s using encryption. Passwords and locks should come as standard on almost all USB drives, but more than that, confidential or sensitive data on those drives carried outside of company premises must be encrypted. It?s such a simple thing to do but, alarmingly, Kingston?s survey found that 58% of organisations are still failing to do it. The repercussions can be highly embarrassing.
With the average cost to business from data lost on USB devices put at a staggering ?5.2million, according to research from the Ponemon Institute, and nearly two-thirds of European organisations having suffered such a loss, this is a problem that must be challenged head on. In the current economic climate, it?s even more important that companies foster a greater understanding of USB security among their staff and put the correct governance in place to ensure they?re not the next ones making the headlines ? in all the wrong ways.
About the Author
Antoine Harb is Business Development Manager, Kingston Technology MEA. Kingston has grown to be the world?s largest independent manufacturer of memory products. With global headquarters in Fountain Valley, California, Kingston employs more than 4,000 people worldwide. Kingston serves an international network of distributors, resellers, retailers and original equipment manufacturer (OEM) customers on six continents. The company also provides contract manufacturing and supply chain management services for semiconductor manufacturers and system OEMs.
Source: http://capitalbusiness.me/2012/08/03/improving-usb-security/
the hartford illinois primary 2012 michael bay zsa zsa gabor illinois primary trayvon martin 911 call kiribati
কোন মন্তব্য নেই:
একটি মন্তব্য পোস্ট করুন