The IT profession is turning a blind eye to the threats imposed by removable media, according to research from mobile security company Pointsec. By ignoring the very real danger of removable devices, such as media players and USB flash memory drives, companies risk jeopardising their security expenditure.
Two thirds of IT professionals who use USB flash drives themselves admitted that they did not protect them with encryption despite the fact they were aware of the associated hazards. And as removable media devices plummet in price, and memory capacity soars, the phenomena becomes more widespread in the workplace. While 64MB flash memory sticks are commonplace, high-end drives are now appearing that can store 4 gigabytes of data, equivalent to around 160,000 documents. And music players, such as the iPod, can capture up to 60GB of data.
Removable media devices are now used in 84% of companies, with a third of employees utilising them in the office. The proliferation of high capacity media devices on the market exposes organisations to infection from viruses, worms and other types of malware, and in the event of devices being lost or stolen, increases the risk of digital identity fraud, extortion and damage to reputation, integrity and brand.
They are also a relatively easy means of employees or contract workers stealing proprietary information.
"Storing information on [removable media] is not a new problem – not so long ago it would have been information stored onto a 1.44MB floppy disk. However, now the problem is a much greater storage [capability] and, therefore, it needs to be dealt with in the security policy," says Martin Allen, managing director of Pointsec UK. He adds that organisations should encrypt all data placed on mobile devices and introduce strict guidelines on the use of removable media devices in the workplace, whilst recognising that preventing people from using such devices is problematic.