Wave Systems Corp. (fka WAVXQ)

[solas]

IT Professionals Ignore Removable Media Risks

http://www.ebcvg.com/articles.php?id=765

IT Professionals Ignore Removable Media Risks
Author: IT-Observer Staff
Monday, 13 June 2005, 13:50 GMT

Companies’ information security expenditure could all be for nothing as they turn a blind eye to the threat of removable media, according to a recently published survey. The survey highlights that a large number of organisations are yet to address the problem of removable media even though they are aware of the associated dangers.

The survey on removable media in the workplace, conducted by mobile security company Pointsec, highlights that removable media devices such as media players and USB flash drivers are now routinely used by a huge number of employees in the vast majority of UK businesses, but with little regard to the security threat they pose.

With removable media plummeting in price, memory capacity soaring and more people using them at work, companies need to be aware of how easy it is for staff to use them, lose them or take competitive information away on them, all in the palm of their hands. If lost or stolen, vast amounts of valuable company information could seriously expose a company to extortion, digital identity fraud, or damage to their reputation, integrity and brand.

The survey conducted among some 300 IT professionals, reveals that: removable media devices are being used in 84 percent of companies, on average 31of employees within a company are utilizing them in the office, 90 percent of those surveyed were aware of the potential danger that removable media presents, 41 percent of IT professionals are not aware how easy it is to protect the data on a removable media device and 66 percent of IT professionals who use USB flash drivers admitted that they did not protect them with encryptions even though they are aware of the associated dangers.

"There seems little point in companies spending vast sums of money on information security if at the same time they're letting their staff use these devices at work which allow them unhindered access to download vast quantities of sensitive company information,” said Martin Allen, Managing Director of Pointsec UK.

"Storing information on devices is not a new problem - not so long ago it would have been information stored onto a 1.5mb floppy disk, however, now the problem is a much greater storage problem and therefore, needs to be dealt with in the security policy. Organisations need to introduce strict guidelines on the use of removable media devices in the workplace, as well as investing in encryption software which will allow administrators to force the encryption of all data put onto a mobile device. Using this type of software is just as vital and inexpensive as using anti-virus software, yet only a fraction of organisations have woken up to the problem."