Sponsored by Kingston Technology, the Ponemon Institute recently released the results of "The State of USB Drive Security." The focus of the research was to better understand how complex business and government organizations manage the security and privacy requirements of data collected and retained on USB drives.
According to the Ponemon Institute, the lesson to be learned from the research is that organizations do understand they are at risk because of employees’ negligence, but are not taking the necessary steps to secure USB drives. The main reasons cited for not being proactive include: uncertainty about monitoring and tracking USB use in the workplace, desire not to diminish productivity and the reliance on employee integrity and trustworthiness.
The study also revealed that while these devices may be small, the data breaches that can result from lost or stolen USBs are huge. More than 70 percent of respondents in this study said that they are absolutely certain (47 percent) or believe that it was most likely (23 percent) that a data breach had been caused by sensitive or confidential information contained on a missing USB drive. On average, organizations in the study lost more than 12,000 records about customers, consumers and employees as a result of missing USBs.
This slideshow features 10 USB security practices the Ponemon Institute recommends that all organizations adopt and practice.
Provide employees with approved, quality USB drives for use in the workplace.
Create policies and training programs that define acceptable and unacceptable uses of USB drives.
Make sure employees who have access to sensitive and confidential data only use secure USB drives.
Determine USB drive reliability and integrity before purchasing by confirming compliance with leading security standards and ensuring that there is no malicious code on these tools.
Deploy encryption for data stored on the USB drive.
Monitor and track USB drives as part of asset management procedures.
Scan devices for virus or malware infections.
Use passwords or locks.
Encrypt sensitive data on USB drives.
Have procedures in place to recover lost USB drives.