The State of USB Drive Insecurity
Insecure USB drives have created a significant risk for lost data as well as the spread of malware.
IT departments have known about the risks posed by USB drives for years now.
But, as our Mike Vizard reports, a recent survey shows that IT still exerts very little control over removable storage, even though it poses a world of security risks. Thumb drives tend to go missing, and if they contain unencrypted data, you have a breach on your hands. And an unscanned thumb drive is a main suspect in the recent spread of malware to the Iranian nuclear facility.
Our partners at Info-Tech Research Group have developed a six-page Removable Media Acceptable Use Policy that applies to a wide range of USB-connected devices, from thumb drives to digital cameras to MP3 players. Ultimately, all of these devices are hard drives that can connect to your local systems and network. The policy, which also extends to DVDs and CDs, is available for free download to IT Business Edge members here in the IT Downloads library.
Some key tenets of the policy include:
The policy goes on to describe IT's authorities to run audits as it sees fit to respond to threats from USB-connected devices. These terms include requiring employees to submit their personal hardware to the audit, assuming it has been approved for connection to the network.
Another key issue in protecting corporate data from simply being misplaced on a portable drive is encryption. There are several tools on the market for this, including flash drives where the process is built in. Business-class versions of Windows 7 include BitLocker To Go, which can be configured by Group Policy to run against any device, including removable drives. Of course, if your company is deeply concerned about vital information getting outside the company walls, you should consider investing in a data loss prevention (DLP) system.