Advertisment

Over 50pc employees carry company data on USB sticks: Study

author-image
CIOL Bureau
Updated On
New Update

DALLAS & LONDON,US & UK:As threats to corporate data grow, and the cost of breaches increase, a survey of allegedly security conscious professionals has remarkably revealed that over half of respondents (52 per cent), who admit to carrying company data on a USB stick, do not encrypt it.

Advertisment

Remarkably, 11 per cent of this savvy audience, who really should know better, 'protected' their devices with passwords alone -- an insufficient defense that is widely understood to be easily breached!

The study, sponsored by CREDANT Technologies -- the market leader in endpoint data protection solutions, questioned 277 IT security professionals who view security seriously enough to spend time attending InfoSecurity Europe. Astonishingly, the type of unprotected data being carried would have serious repercussions to the organization should it be misplaced -- from intellectual property (67 pc) to customer data (40 pc) and employee details (26pc).

Data transported on any unencrypted mobile device -- such as laptops, handheld devices, smartphones, USB drives, CD-DVDs and other devices, are the equivalent of ticking time bombs waiting to blow up in the organization's face -- with mandatory audits, breach notifications, hefty fines and public humiliation likely to ensue. Worst of all there really isn't any excuse - organizations can easily arm themselves utilizing centrally-managed solutions that provide data-centered, policy-based protection across all endpoints, which simply won't allow information to be transferred without first encrypting it -- regardless of the device it's being transferred to.

Advertisment

MOBILE WORLD 

Sean Glynn, vice president and chief marketing officer of CREDANT Technologies, said, "If over half of this IT savvy audience are carrying unprotected sensitive information on USB sticks, and lets face it you can pick one up for less than GBP 10 in most good supermarkets, it makes me question just how big this problem is and, more importantly, what needs to happen to make organizations wake up to the risk. CREDANT won't rest on its laurels and as long as there are new devices coming into the arena, and new threats to protect them against, we'll continue to work with organizations' to deliver flexible solutions that track and report on where sensitive data is moving, and provide the right blend of data encryption and protection technologies to mitigate these risks."

As if evidence of the problem was needed, early this month (June 2) it was revealed that a USB stick containing personal information about children, that was neither encrypted nor password protected, had been lost by West Berkshire Council; it was also reported (June 4) that in March a staff member from Lampeter Medical Practice downloaded a database containing 8,000 patient details onto an unencrypted USB stick before posting it but it never arrived; the month previously (May 5) another USB stick, this time containing personal information on patients and staff at a secure hospital near Falkirk, was reportedly found lying defenseless in an Asda store car park. The UK is not the only country struggling with insecure mobile devices as, also last month (May 14), The Department of Veterans Affairs in the US suffered another possible breach of private data as it reported that a thief had stolen an unencrypted laptop that held the social security numbers and other information of 616 veterans.

The study also found that 11 per cent of the sample had experienced a breach recently, a figure that CREDANT hopes one day to be 0 per cent -- but Sean's not holding his breath.

tech-news