From: www.itworld.com

IT managers ignore removable media risk

by Radhika Praveen

June 12, 2006 —

 

Two-thirds of IT professionals use non-encrypted removable media at work in spite of being aware of the associated dangers.

The survey, conducted by mobile security company Pointsec, revealed that 56 percent of employees downloaded corporate information on to their memory sticks, up from 31 percent last year. While 65 percent of those surveyed were aware of the potential danger that removable media presents, 66 percent admitted to neglecting a revision of their current security policies (with regard to removable devices). Only 21 percent secured them with passwords and encryption, and just 12 percent of organizations banned them completely from the workplace.

Interestingly, 4 percent of the participants felt the best way to avoid loss or theft of information from their device was to keep it in their pockets, even if it meant sleeping with the USB stick around their necks.

The most popular use of the memory sticks was the storage of corporate data such as contracts, proposals and other business documents. Customer names and addresses were stored by 22 percent of the users, with others using them to store presentations, budgets and other documents. One respondent used his memory stick to store his hacking tools while 3 percent found them useful to store passwords and bank account details. Seventy percent used them for downloading music files, reported Pointsec.

The survey, of 248 IT professionals who had attended the Infosecurity Europe 2006 conference in London last month, highlights that with removable media plummeting in price, soaring memory capacities and more people using them at work, companies need to be educated about using them securely.

Martin Allen, managing director of Pointsec U.K. said: "Our advice is to introduce strict guidelines on the use of removable media devices in the workplace, and invest in encryption software which will allow administrators to force the encryption of all data put onto a mobile device. Companies will soon realize that this type of software is just as vital and inexpensive as using anti-virus software."

Pointsec identified that it could be difficult to prevent people from bringing in removable media devices into the office. However, the company said that if they didn


Techworld.com