“This is alarming as many viruses on USB sticks can run as soon as they are plugged into a PC, without user activation and causing widespread damage to a corporate network,” says Anders Kjellander, CSO, BlockMaster. “Indeed, the Stuxnet worm, the first ‘industrial’ virus, was well-known for spreading via unsecure USB sticks. Furthermore, even if unprotected USB sticks are not infected with viruses or worms, they can contain sensitive corporate data, leaking important information to external organisations causing harm for the party that lost the device.”
The research of over 1,000 UK office workers initiated by BlockMaster to reveal attitudes to handling portable devices, such as USBs, also revealed that almost a quarter (20%) have lost unprotected USB drives holding sensitive information, exposing businesses to huge potential risks, such as loss of IP and reputational damage.
Kjellander continues: “Around 83% of office workers use USB sticks today, making them almost as common as the mobile phone. However, although we often have work email on our mobile phones, it’s quite rare to store a significant quantity of sensitive business data on them. Unsecure USB drives pose a unique security threat, as they are usually small, easy to lose and have a high capacity for storing documents, videos or corporate presentations.”
The survey also discovered that approximately 85% of lost USB sticks are later found, so office workers hoping that lost sensitive data will simply ‘vanish’ will frequently be disappointed.
Kjellander concludes: “Organisations need to put technology and policies in place to secure and remotely manage their USB devices. A lost unsecure and unmanaged USB stick can contain sensitive data including customer details – or in the case of public sector organisations, details of patient records, benefits or tax details – so it is imperative that organisations put in place a managed secure USB drive solution that automatically protects stored data and allows administrators to centrally manage them to perform policy updates and remotely erase any lost device.”