We’ve all seen them. We all probably have at least one. Most of us call them smart sticks. Technically, they are called portable data drives.
Portable data drives have become a popular way to save, store and share data because they are small and very convenient. They are available at most retailers and smaller ones, like USB thumb drives, are often given away as promotional items by many companies.
However, with their increasing popularity, your employees may forget to err on the side of caution when using them, exposing your organization’s or customer’s data and systems to a security breach or malicious attack.
A Real Threat.
The loss of confidential data due to an employee losing or misplacing a portable drive is unfortunately a relatively common occurrence. Many high profile companies have suffered a detrimental data breach like this, costing them the public’s trust and expenses to repair and contain the damaging effects.
Another risk is the spread of harmful viruses through portable data drives. The Department of Homeland Security (DHS) conducted a study by placing computer discs and USB thumb drives in the parking lots of government buildings and private contractors. The test was to see how many employees would pick up and use the drives, potentially allowing unknown viruses and programs onto their equipment.
Shockingly, 60 percent of the employees who picked up the devices inserted them into their office computers. That number rose to 90 percent for devices that had a recognizable official brand logo on them. These simple actions could have exposed the organization’s data and networks to a large-scale malicious attack.
What should I do?
Decide on a plan of action for handling any portable data drives within your organization. Establish a protocol of password protecting and encrypting all drives to protect the sensitive data they can carry. Encryption will allow only computers with the encryption software installed to read and access the drive. This stops employees from accessing the drives on machines they are not supposed to, including home computers, preventing them from exposing the drive to harmful viruses or malware on their computer or misusing the sensitive data on the drive.
Other security measures available include biometric access technology, which requires a fingerprint scan to use the drive.
Inform your employees of the risks associated with portable data drives and your company’s policy regarding how to protect them. Remind employees of these risks and policies through posters, email reminders and notes through company email.
Even though employees know the facts, they often forget or believe that it wouldn’t happen to them. Like the employees in the DHS study, if someone lets down their guard even once, it can put an entire organization in hot water.
Sometimes doing something that is convenient can lead to a situation that leaves you or your clients exposed in a highly digital business environment. At Robertson Insurance & Risk Management, we uncover all of your business risk and find ways to control the impact to your business. Portable data drives may be a small part of unaddressed risk in your business. We’re positioned to help you. Give me a call today or send me a reply to this blog message. Thank you.