Customer Information On Private USB Sticks
The company SanDisk, manufacturer of USB flash drives, has sponsored a study that focuses on the storage of company data on private USB flash drives. One result of this study clearly shows that many IT professionals are not aware of the potential risks.
Seventy-seven percent of the employees participating in the study have used private USB sticks to store job-related data. However, IT professionals underestimated the number of private USB sticks used for job-related purposes at only 35 percent.
Most often, customer data found its way onto the electronic storage medium (25%) followed by financial information (17%) and then sensitive business plans (15%). But employee data, marketing plans, intellectual property and source code were also copied onto private flash drives, which can be taken out of the office often uncontrolled and unnoticed. Even though employees do not intend to cause damage, the risk of losing the device or having it fall into the wrong hands is substantial, and can cause great damage to the company.
Selective Approval of USB Devices
Costly Intrusion Detection System (IDS) implementations and extremely expensive firewall solutions that protect from incoming attacks are useless if users at their desks can easily copy sensitive information on flash memory, and in the worst case scenario give it to a competitor. To control such scenarios effectively, programs like Drive Lock, Device Lock or Tetraguard are helpful—with these solutions, one can deactivate USB ports on the computer, while selectively allowing approval for certain devices. Approved devices are identified by the serial number or the hardware ID and activated. In addition, approved USB flash drives should also be capable of the hardware encryption.
The American company Kanguru Solutions goes one step further. The USB flash drives in the Kanguru Defender series are not only equipped with hardware-based encryption, but also be erased over the Internet.