USB flash drives: small device, major headache?
EU Agency ENISA advises companies on 12 threats from accidental loss or theft of confidential corporate data on unsecured USB flash drives
Today’s trend of being “always on”, fully mobile and connected has led to the significantly increased use of mobile devices such as notebooks and personal digital assistants. Personal storage devices such as flash drives have become universal business tools in an effort to maintain productivity when out of the office. First marketed in 2000, 85 million USB flash drives were sold in 2007.
And yet these mobile devices often lack security control - 80-90% of USB flash drives sold to business last year were not encrypted – are not stored in a secure location and used without limitation. Despite the fact that they might contain private data, financial information, business plans or other confidential records, ENISA warns that USB flash drives are usually overlooked by corporate policies on audits, back-ups, encryption and asset management.
Often devices are inadvertently lost such as when the UK Revenue and Customs misplaced an unencrypted CD-ROM with the personal details of 25 million taxpayers. In a Datamonitor survey of 1,400 ICT professionals, 60% revealed they had experienced a ‘data leak’, 61% of which believed it to be the work of insiders. More often than not, criminals seek out flash drives as their theft usually goes unreported due to their small size and low cost.
The Executive Director of ENISA, Mr Andrea Pirotti commented: “The cost of a USB flash drive may be insignificant but the value of the data it might contain can be priceless. ENISA strongly encourages companies with highly regulated or sensitive data to better manage the use of ‘plug-and-play’ devices. But equally all organisations should establish a first line of defence by increasing awareness of the risks and available safeguards. Data loss is not just a security concern for the IT department but a strategic issue with far-reaching implications for a firm’s future.”
Among its 19 recommendations, the Agency specifically highlights the importance of a risk assessment to understand the costs of data leakage and the controls needed to offset this threat. Companies also need to introduce security policies for these devices and consider authentication and encryption tools.
The full report is available at: http://www.enisa.europa.eu/...
ENISA - European Network and Information Security Agency
The European Network and Information Security Agency (ENISA) is an agency of the European Union. ENISA was created in 2004 by EU Regulation No 460/2004 and is fully operational since September 1st, 2005. It has its seat in Heraklion, Crete (Greece).
The objective of ENISA is to improve network and information security in the European Union. The agency has to contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market.
ENISA assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security, including present and future Community legislation. ENISA ultimately strives to serve as a centre of expertise for both Member States and EU Institutions to seek advice on matters related to network and information securit
Press releases you might also be interested in
Weitere Informationen zum Thema "Sicherheit":
Grundlagen der Endpoint Security
Endpoint Protection-Lösungen sichern die Workstations und Server im Netz gegen Angriffe aller Art ab. Sie bestehen üblicherweise einerseits aus einer zentralen Verwaltungskonsole, über die die zuständigen Mitarbeiter die Konfiguration vornehmen, und andererseits Agenten, die auf den zu sichernden Clients laufen und dort die Policies umsetzen, die im Management-Tool festgelegt wurden. Security-Insider zeigt, welche Funktionen ein gutes Endpoint Protection-Produkt mitbringen sollte und stellt außerdem die wichtigsten Hersteller in diesem Bereich vor.Weiterlesen