Even when used with the best intentions, the data stored on USB drives is generally not covered by routine company procedures, such as backup, encryption, or asset management. How can companies keep track of the data coming in or leaving the company via these devices? Keeping company data secure has become a significant challenge for any corporate IT department.
Recent events in the industry have been cause for concern, leading IT professionals to understand that new policies and technologies must be set in place to protect information being stored on personal storage devices.
The following are just a few episodes that have driven the message home.
When a professor from the University of Kentucky discovered that his flash drive was stolen, private information for 6,500 former students was suddenly at risk. The data, including names, grades and Social Security numbers, left thousands of individuals exposed to the threat of identity theft, not to mention the violation of their privacy.
Flash drives with classified military information were up for sale at a bazaar outside Bagram, Afghanistan. The US Army realized they had to secure USB drives, find a way to keep track of the devices, and ensure that the information could not be accessed by unauthorized personnel.
When company information is stored on non-secure and personally owned devices, employees put their company at risk every time they step out the door. Auditing companies are at risk of exposing account numbers, hospitals can be exposed if patient information falls into the wrong hands, and finance companies need to ensure that mission critical data is not lost. Once company data falls into the wrong hands, the possibility of threats and risk are almost infinite. Companies lose credibility, leave themselves open to lawsuits, and expose employees to ID theft or fraudójust to name a few.
The risks from personal storage devices can be classified as follows:
- Data exposure due to device loss or theft
- Unauthorized data extraction
- Introduction of malicious code.