Sponsored by Kingston, Ponemon Institute is pleased to present the results of The State of USB Drive Security. The focus of this research is to better understand how complex business and government organizations manage the security and privacy requirements of data collected and retained on USB drives.
We believe the lesson to be learned from the research is that organizations do understand they are at risk because of employees’ negligence but are not taking the necessary steps to secure USB drives. The main reasons cited for not being proactive include: uncertainty about monitoring and tracking USB use in the workplace, desire not to diminish productivity and the reliance on employee integrity and trustworthiness.
Our study also reveals that while these devices may be small, the data breaches that can result from lost or stolen USBs are huge. More than 70 percent of respondents in this study say that they are absolutely certain (47 percent) or believe that it was most likely (23 percent) that a data breach was caused by sensitive or confidential information contained on a missing USB drive. On average organizations in our study have lost more than 12,000 records about customers, consumers and employees as a result of missing USBs.
The following are 10 USB security practices that many or most organizations in our study do not practice:
Providing employees with approved, quality USB drives for use in the workplace.
Creating policies and training programs that define acceptable and unacceptable uses of USB drives.
Making sure employees who have access to sensitive and confidential data only use secure USB drives.
Determining USB drive reliability and integrity before purchasing by confirming compliance with leading security standards and ensuring that there is no malicious code on these tools.
Deploying encryption for data stored on the USB drive.
Monitoring and tracking USB drives as part of asset management procedures.
Scanning devices for virus or malware infections.
Using passwords or locks.
Encrypting sensitive data on USB drives.
Having procedures in place to recover lost USB drives.
- Download - The State of USB Drive Security - U.S. Survey of IT and IT Security Practitioners
- Do you include USBs in your Data Loss Policy?Do you enforce that policy?