Flash drives are probably the greatest menace to sensitive corporate data. They can store vast amounts of data and are plug-and-play in most computers.
Convergence and technical evolution mean that the same functionality is now found in mp3 players and mobile phones, significantly multiplying the number of personally owned devices which can siphon critically important company data through an unprotected USB port.
Software to protect USB ports, and to detect when an unauthorised USB connection attempt is made, is available and inexpensive (for a single PC, just $30), but most organisations are not using it across the enterprise, and especially not on laptops, which are arguably the most sensitive - and the most vulnerable.
The following is recommended:
a. All employees reminded that unauthorised data copying may be regarded as theft for disciplinary purposes.
b. Software installed across the network to block, and alert to, the connection of unauthorised flash drives and other memory storage devices.
c. Personal flash drives banned from the workplace.
d. Charging of personal devices such as mp3 players and mobile phones via computer USB ports banned.
e. Flash drives issued only for a valid reason; an issued drive may not be used on any computer except the holder's own without express permission.
f. Issued flash drives to be encryptable, so that data is protected in the event of loss.
g. Express permission required to copy certain types of data.
What’s more, personal USB devices are one of the most common sources of virus attack.
See http://www.zdnetasia.com/news/security/0,39044215,62052730,00.htm?scid=nl_z_ntnw
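The alerting half of recommendation b, combined with the own-computer rule in e, can be sketched as follows. This is an added example, not code from the original page or from any product: it reads Linux kernel USB log lines, and the hostnames, serial numbers, issuance register and sample lines are all constructed.

```python
import re

# Issuance register (constructed): serial of each company-issued drive -> the
# one computer its holder may use it on (recommendation e).
ISSUED = {"4C53000123": "LAPTOP-017", "AA0400000099": "DESK-102"}

FOUND = re.compile(r"usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
SERIAL = re.compile(r"usb (\S+): SerialNumber: (\S+)")
STORAGE = re.compile(r"usb-storage (\S+?):[\d.]+: USB Mass Storage device detected")

def audit(host, lines, issued=ISSUED):
    """Return one alert dict per mass-storage attach that breaks policy."""
    ports, alerts = {}, []
    for line in lines:
        if m := FOUND.search(line):        # a device enumerated on this port
            ports[m[1]] = {"vid_pid": f"{m[2]}:{m[3]}", "serial": None}
        elif m := SERIAL.search(line):     # its serial number, if it reports one
            ports.setdefault(m[1], {"vid_pid": "?", "serial": None})["serial"] = m[2]
        elif m := STORAGE.search(line):    # the device is a storage device
            dev = ports.get(m[1], {"vid_pid": "?", "serial": None})
            owner = issued.get(dev["serial"])
            if owner is None:              # unknown or missing serial: not issued
                reason = "unauthorised storage device"
            elif owner != host:            # issued, but plugged in elsewhere
                reason = f"issued drive used away from {owner}"
            else:
                continue                   # issued drive on its own computer
            alerts.append({"host": host, "port": m[1], **dev, "reason": reason})
    return alerts

SAMPLE = [  # constructed kernel log lines, as collected from host LAPTOP-017
    "kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00",
    "kernel: usb 1-1: SerialNumber: 4C53000123",
    "kernel: usb-storage 1-1:1.0: USB Mass Storage device detected",
    "kernel: usb 1-2: New USB device found, idVendor=090c, idProduct=1000, bcdDevice=11.00",
    "kernel: usb 1-2: SerialNumber: AA0400000099",
    "kernel: usb-storage 1-2:1.0: USB Mass Storage device detected",
    "kernel: usb 2-1: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00",
    "kernel: usb-storage 2-1:1.0: USB Mass Storage device detected",
]

if __name__ == "__main__":
    for alert in audit("LAPTOP-017", SAMPLE):
        print(alert)
```

This only detects and reports; blocking the device is left to the endpoint control itself.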