USB Flash Disks: A modern day business curse?
Is the small USB drive that’s resident in many professionals’ pockets these days actually housing a major security threat? We investigate…
On-site technical support is, as the majority of IT staff will happily tell you, a succession of running battles at the best of times, without the input of unwelcome surprises.
Yet, over the past few years, the market has seen an explosion in the number of USB flash memory sticks in people's possession. Where once they were a nice gadget, a flashy accessory, they've increasingly become a day-to-day storage solution that a greater number of people are relying on.
Part of the reason for this explosion in ownership and use is cost. Even corner shops have been known to have a 1GB stick on sale, rarely costing more than a tenner or so. In fact, one British stationary chain was selling a five pack of 1Gb sticks for 20 this past weekend.
Then there's the fact that modern computers universally accept them, in the vast majority of cases not even demanding a driver installation to do so. But the other factor is the sheer convenience of carrying everything round, be it pictures, work, large presentations or whatever, on something that laughs at the physical size of an optical disc.
Call SecurityAnd yet with great convenience comes great problems, as the USB flash disk is proving to be a security nuisance of some gravity.
The first and most obvious reason for this is the disks themselves. While more premium models come with some form of in-built protection software, so that at least you can password-protect or encrypt the contents of the disk, the majority don't. Furthermore, even when people tend to have the option of protecting their data, it's not one that they tend to explore.
As such, flash memory disks, often containing vital business information, are proving to be a real threat. After all, any data stored on a network has levels of protection that will at least keep all but the most determined data bandit at bay.
Yet one pickpocket, or one disk falling out of a pocket on a bus, and that could be every security barrier gone in a quick second (and let's face it, how many of us have seen a flash disk lying around at some point, with no clue as to who the owner is, or their whereabouts?). The secondary issue tends to be that many also don't back up the data on a flash disk with any regularity, so even if the lost data doesn't fall into the wrong hands, there's no recent copy to fall back on.
Network administrators can spend huge sums of money on implementing adequate security, and plenty of time on educating users on the importance of protecting data, yet one small device the size of an eraser can make all that work moot. No wonder a growing number of companies are introducing a blanket ban on them.
MalwareBut there's another problem too: that USB flash disks are a Trojan horse for bringing all sorts of malware right into the middle of an organisation.
This is rarely intentional, of course, but again it comes down to the fact that a USB disk tends to be used in an environment outside of a company's control.
Thus, it could be used on an individual's home computer whose defences aren't watertight, and that provides a path for malicious software to end up on the disk. Also, users even if the USB disk is provided by their business inevitably use it for personal reasons too, such as moving music and movies around. The same is true the other way round too, that personal drives are being used to move around business data. Any mix of personal and business usage on a single drive raises a flag, but this is happening in a way that is simply impossible to monitor.
In This Article
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now