Thanks to their large capacities, portability, and simplicity, removable media have become one of the most popular types of storage devices around today. You’ve only to go down to one of the big computer shows to be offered a free memory stick as a stand give-away. If you take part in an IT training course, you might be given one with all your computer course notes stored on it.
If you’re like me, the advantages of using a small memory stick, Compact Flash (CF) card, or the digital camera memory card are indeed enticing. Gone are the days when you have to lug your laptop around with you on every long journey or on spells away from the office. Just attach a USB stick to your key ring and you can carry all the documents you could ever need without that heavy, cumbersome laptop forever being in your shadow.
Removable media devices are a fantastic new addition to the constantly growing assortment of computer gadgetry that add convenience - even fun - to the way we work. But at what price? As removable media grow in popularity, more people are using them in the workplace to store corporate information. Documents, databases, graphics, music, even films and video can be tucked away on these highly portable devices. Yet the security implications and risks of removable media are considerable and need to be seriously assessed.
What happens, for example, if you lose your key ring which happens to have attached to it a USB token containing all your downloaded – and unprotected – corporate documents?
You’re in luck, of course, if it only gets picked up by an inquisitive passer-by who, after reading it, finds your information is of little interest. But what happens if the information is accessed by a criminal, journalist or competitor? The entire contents of your PC could find its way into the public eye. Worse still, you can get held to ransom by the opportunist looking to bribe you so as not to expose the information that he/she has found on your company.
Perhaps most devastating of all, you could find the entire contents of your bank account emptied or even have your identity stolen. These scenarios are very real and have the potential to be incredibly damaging.
As an IT administrator, if you don’t have a handle on who is using removable media in your organisation, you have no idea who is downloading your intellectual property and other sensitive company information. You don’t know where it is being taken, or what risks to which it is being exposed.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.