15 February 2016

Laundering sensitive data

Despite the rapid growth of cloud computing, many individuals still move or hold quantities of business (and personal) sensitive data around on USB sticks.

USB sticks are relatively inexpensive devices, some of which have significant storage capacity, are often used as a means of backup or to facilitate the movement of information between locations and devices for such reasons as presentations, conferences and demonstrations. However, given their small size USB storage media can easily be forgotten and left in pockets of clothing handed over to the cleaner. What happens to the data thereafter?

A recent survey undertaken by security internet firm ESET indicated that in excess of 22,000 USB sticks have been handed into laundries and put through dry cleaning. Each dry cleaner finds on average four devices annually, however it is estimated that less than fifty percent of these device are reunited with their rightful owners.

Furthermore nearly 55% of businesses believe that the use of USB devices within corporate systems contributed to the introduction of malicious code which subsequently caused disruption and impacted business operations. Whilst many businesses can trace the loss of sensitive and confidential information to USB memory sticks, considerably more are blissfully unaware they have lost data because they have little or no control over their use.

In exercises conducted in recent months a number of USB keys, some with company logos have been ‘dropped’ around businesses, of these 60% were plugged into their computers within two hours.

The solution to this type of problem here is threefold:

1.  People need better education of the risks these devices can pose

2. Business systems need to be configured to trust random USB sticks and can install malware held on it.

3. Without hampering productivity, businesses need to encrypt trusted devices and to prohibit all others.