USB drives are abundant in the workplace today. They offer a great way to keep data handy, but the sheer number of devices becomes a hazard. Confusion, theft, and negligence can lead to sensitive data falling into the wrong hands—or worse—destructive programs getting access to your otherwise secure systems. Here are some of the big concerns with USB drives at work, and what you can do about it.
Losing a Drive
When USB drives are allowed to get disorganized, that’s when losing track of them becomes a risk. Often times, whether a drive has simply been misplaced or if it’s been stolen is uncertain. What’s worse, there’s often very little accounting for USB drives. Employees who have lost their devices may not report the loss, take responsibility for it, or even acknowledge it. Regardless of what’s happened with the drive, there’s a major concern that the data that was on it may be compromised.
Malware distributors—those who intend to do you harm by introducing a foreign program into your system—find that USB drives are an easy way to allow organizations to compromise themselves. A distributor can simply leave a USB drive somewhere that is accessible to employees, and employees may pick them up for their own use. There’s some anecdotal evidence that suggests that this is how the Stuxnet malware was introduced into Iran’s nuclear facilities. Foreign USB drives should be handled cautiously!
Policies for USB Drives
Some people think that banning USB drives form the workplace is prudent, but that can be an impractical decision. It’s better to adopt standards for encrypting USB drives especially for employee use. Maybe better yet: use USB drives that can only be accessed with a key code or combination.
The unfortunate downside is that very few organizations have IT departments that are accustomed or prepared to actively manage USB drives. And, as mentioned before, employees’ tendency toward dodging responsibility for USB drives hampers a passive management solution. Regardless of the specific oversight, the result is the same: your IT department might not even know that a USB drive is missing. But so many risks can be avoided by using encrypted drives that are centrally managed. With the right tools and policies, data can be backed up into the system so that nothing is lost, and missing drives can be remotely wiped to make sure that sensitive data isn’t leaked.
Driving New Methods
It’s not hard to put together policies to manage USB drives in your organization. A policy won’t eliminate the problem by itself, but it will help to mitigate some of the risks and allow your organization the benefit of using a quick, easy, and portable storage device.
Does your organization use USB drives a lot? Are you having any of these problems? USArchive offers specially secured portable USB storage devices that you can find out more about by clicking here. Tell us about your office’s USB situation in the comments below!
You Might Also Like…
Yes USB storage devices are used throughout our organization. I am unsure how they are monitored. I will ask the question.