I have always been an advocate of better security where USB storage devices are concerned. Beyond the threat posed by their sheer portability, another reason I mention it so much is probably due to the fact that they represent an area where small and medium-sized businesses are likely to scrimp. Other SMBs might also have the flawed perception that implementing better security for portable storage devices is too much work.
Regular readers might remember a couple of months back when I wrote about how the United States Army, in a move to reduce the threat posed by portable storage devices, imposed a ban on "USB sticks, flash media cards, CDs and other removable storage."
Just a couple of weeks ago, it found its justification for imposing the ban. A New Zealand man who bought a used MP3 player for a bargain literally got more than he asked for. Upon checking its contents, Chris Ogle found that the device also contained some 60 pages of U.S. military data, including the names and personal information of U.S. soldiers.
What I found interesting was that the unsecured data goes back as far as 2005. And while one might be tempted to conclude that such outdated files would probably be of limited value, I must add that military equipment and doctrine are not exactly things that change overnight. Having served a couple of years in the military, I know that new hardware typically take years just to design and manufacture, then some more years to train and commission. In addition, the personally identifying information also found has an even longer "shelf life." After all, how often does one move or change a Social Security number?
What I am trying to say is that it is of utmost importance for SMBs to protect themselves from the possibility of data breaches right from the onset. If unaddressed, this easily rectifiable issue would certainly snowball eventually into expensive and embarrassing security breaches years down the road. I hope you are convinced now. You might want to check out this post on a simple way for SMBs to secure their data.