01:17 PM
Kevin Fogarty
Kevin Fogarty
Connect Directly
Repost This

The Insidious Security Risks Of Thumb Drives and Paper Files

Numerous surveys show that IT managers are worried about BYOD security but lost flash drives and manila folders remain the bigger threats.

Survey after survey from security vendors and research firms show that businesses are worried about the risks of employees using their own mobile devices for work. But are companies overlooking the bigger risks that come with thumb drives and plain old-fashioned paper files?

In these surveys, security- and data-center managers routinely put BYOD at the top of the list of potential sources of data loss. Nonetheless, huge majorities allow employees to use personal smartphones for work purposes.

Worse, users at 59 percent of companies with BYOD programs turn off or work around passwords and other security installed by IT to prevent data loss, according to a Ponemon Institute study on global security risks.

A report issued this week by Kaspersky Lab showed that a third of 1,762 UK-based IT managers surveyed believe lost data would have a negative business impact, but only 32 percent have a clear idea of what business data employees are carrying on their mobile devices.

However, many companies are busy implementing mobile security systems, according to a survey released by Symantec, in which 90 percent of respondents said they plugged the holes created by BYOD with a variety of mobile security and management approaches.

Despite all the surveys about BYOD security concerns, they don't indicate that companies are doing much to secure the data-capable devices lost or stolen most often in corporate environments -- USB drives. Neither users nor IT keep close-enough track of flash drives to even guess how many of the hundreds of millions of them are floating around their own offices.

Yet when asked to name the three items most often lost or stolen, 39 percent of those surveyed in the Kaspersky study picked USB drives compared to the 26 percent who named smartphones as a leading risk.

Of the most-stolen items, in fact, smartphones barely made the top five, behind flash drives, chargers for mobile devices, other bits of unspecified "office equipment" and manila paper folders.

If you take into account the surveys showing insiders are still to blame for the majority of data-loss and other corporate-security incidents, and see the stories showing that techniques like briefcase stealing or dumpster diving are at least as effective and much easier than hacking, it's clear the security fears of corporate America have adapted to the digital age more quickly than the risks themselves.

Smartphones unsecured on purpose by end users are certainly a security threat. Are they a bigger threat than the chance an insider could walk out with a pile of file folders with sensitive information? It's even easier to lose or steal a USB drive and, if you think about what you actually use them for, flash drives aren't usually much more than digital file folders.

There are so many vendors working on ways to secure, hide, erase or recover mobile devices that it would take too long to list them all.

But I can't remember the last time I heard a solution to the problem of the disappearing file folder or flash drive.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
6/6/2013 | 11:50:13 AM
re: The Insidious Security Risks Of Thumb Drives and Paper Files
Thanks for going there but it is even worse. It isn't copying data on their flash drive that is the biggest concern, it's planting a Trojan or worm on your network. Once that happens, any number of hackers can now pwn you. Lock down all cd and USB ports except what is needed and monitor those with cameras. Then scan your network for malicious activity constantly to be sure nothing has happened. It can only take seconds for someone to infect, even if they have no idea what they are doing. Your employee may be paid by a hacker who does.
More Blogs from Commentary
Infrastructure Challenge: Build Your Community
Network Computing provides the platform; help us make it your community.
Edge Devices Are The Brains Of The Network
In any type of network, the edge is where all the action takes place. Think of the edge as the brains of the network, while the core is just the dumb muscle.
Fight Software Piracy With SaaS
SaaS makes application deployment easy and effective. It could eliminate software piracy once and for all.
SDN: Waiting For The Trickle-Down Effect
Like server virtualization and 10 Gigabit Ethernet, SDN will eventually become a technology that small and midsized enterprises can use. But it's going to require some new packaging.
IT Certification Exam Success In 4 Steps
There are no shortcuts to obtaining passing scores, but focusing on key fundamentals of proper study and preparation will help you master the art of certification.
Hot Topics
Edge Devices Are The Brains Of The Network
Orhan Ergun, Network Architect,  4/23/2014
IT Certification Exam Success In 4 Steps
Amy Arnold, CCNP/DP/Voice,  4/22/2014
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Twitter Feed