Although tremendously useful, removable media devices, due to their small size, guises and uses, can be a serious security threat to any organisation. Here are a few hints and tips on balancing the benefits of these devices against the risks they pose:
Step One – Security Policy - Removable media devices are not toys. Decide how you as a company want to manage them. It would be naïve to think you could simply ban all removable media; however, you should introduce removable media into your Security Policy and make sure that everyone on your staff reads and signs the policy. Also, explain to your staff what actions will be taken if the policy is ignored.
Step Two – Education - Inform your employees about security and its implications. Explain why certain controls have to be put in place. Don’t just impose those controls or users will ignore them.
Step Three – Encryption - Consider employing a mobile data protection product. Mandatory media encryption solutions are available that can be centrally controlled by the IT department. The best products are fast and transparent to the user, so as to not interfere with their real-time work. Such protection automatically encrypts all information loaded onto a USB token or other removable media. Access is granted only to the user who holds the password.
Step Four – Control - Implement device and executable control solutions that enable you to control exactly what devices can be connected to a system and what executable files can and cannot be run.
Step Five – Audit and Measure - Ensure that you carry out regular audits to find out who is using removable media.
In today’s complex digital world, nothing about security can be guaranteed. But by following these few simple steps, you can mitigate your risk and show that you have taken adequate steps to do everything you can to protect the information that is being carried around on removable media devices. Once you do, you’ll be able to sleep at night, safe in the knowledge that your company is not the next in line for public humiliation in the tabloids for allowing a leak of valuable information.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.