Some people in the workplace may use a laptop to charge their smartphone, or plug in a memory stick to transfer files because it contains something they are working on. However, irrespective of what you’re plugging in, there are dangers attached to inserting a USB device into your laptop. Firstly, there’s the risk that the device contains malware, and secondly, there’s the danger that sensitive data can be downloaded and stolen.
The Stuxnet attack on the Iranian plant in 2013 illustrates the tremendous damage that can be wreaked by a small memory stick. It’s therefore essential not to overlook removable media controls when looking at cyber security.
Consider the consequences
In the corporate sphere, the risks of information theft, data loss and malware can all lead to reputational damage and financial loss for a company. If you have any doubt about the consequences of serious data loss, consider the case of US retailer Target. It was the subject of a hack in which millions of customer records were plundered and as a result, its revenues plunged by over 40 per cent.
Safeguarding against loss via removable media should ideally be planned when a security policy is being developed. As removable media in the workplace is now all too commonplace, and is one of the highest areas of vulnerability, it should be addressed as a matter of urgency.
Reducing the risk
Even if your network is locked down to the point of disconnecting it from the Internet, that doesn't prevent someone from copying sensitive data onto a CD-ROM, or to a USB memory drive and walking out the door with it.
Removable media controls fall under data loss prevention and, as a result, there is a raft of technologies designed to help protect removable devices. The fast-paced business environment of today requires employees to have anytime, anywhere access to corporate data and business applications, so putting a block on removable media may seem draconian and counter-productive.
However, it can be managed. It’s possible to protect critical data from coming into and leaving the company through removable media with tools that monitor and control data transfers from desktops and laptops, irrespective of where users are and even when they are not connected to the corporate network.
Specifying which devices can and cannot be used, defining what data can and cannot be copied onto allowed devices and restricting users from copying data from specific locations and certain applications will help when managing devices.
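The three controls in the paragraph above (which devices are allowed, what data may go onto them, and which locations and applications may not export) can be expressed as one default-deny check. This is an added example, not part of the original article or of any product; the device identifiers, data labels, paths and application names are all constructed for illustration.

```python
import posixpath
from dataclasses import dataclass
from pathlib import PurePosixPath

# Constructed policy: every identifier, label and path here is illustrative.
ALLOWED_DEVICES = {
    # (vendor id, product id, serial) -> highest data label the device may hold
    ("0781", "5583", "SN-ENC-0001"): "internal",
    ("0951", "1666", "SN-ENC-0002"): "public",
}
LABEL_RANK = {"public": 0, "internal": 1, "confidential": 2}
BLOCKED_SOURCES = [PurePosixPath("/srv/finance"), PurePosixPath("/srv/hr")]
BLOCKED_APPS = {"crm-client"}

@dataclass(frozen=True)
class CopyRequest:
    device: tuple   # (vendor id, product id, serial) reported by the endpoint
    source: str     # path of the file being copied
    label: str      # classification label attached to the file
    app: str        # application performing the copy

def evaluate(req):
    """Return (allowed, reason). Default deny; the first failing rule wins."""
    ceiling = ALLOWED_DEVICES.get(req.device)
    if ceiling is None:
        return False, "device not on allowlist"
    if req.label not in LABEL_RANK:
        return False, "unlabelled data"
    if LABEL_RANK[req.label] > LABEL_RANK[ceiling]:
        return False, "data label exceeds device ceiling"
    # Normalise first so "/srv/public/../finance/x" cannot dodge the rule;
    # is_relative_to compares whole components, so "/srv/finance-old" is distinct.
    src = PurePosixPath(posixpath.normpath(req.source))
    if any(src.is_relative_to(blocked) for blocked in BLOCKED_SOURCES):
        return False, "source location is restricted"
    if req.app in BLOCKED_APPS:
        return False, "application may not export to removable media"
    return True, "allowed"

if __name__ == "__main__":
    stick = ("0781", "5583", "SN-ENC-0001")
    for r in (CopyRequest(stick, "/home/a/notes.txt", "internal", "editor"),
              CopyRequest(stick, "/srv/public/../finance/q3.xlsx", "internal", "editor"),
              CopyRequest(("dead", "beef", "UNKNOWN"), "/home/a/notes.txt", "public", "editor")):
        print(r.source, "->", evaluate(r))
```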
Endpoint encryption for removable media is another effective approach. It allows the encrypted device to be used on any machine without installing any software or requiring administrator privileges. It also allows encrypted files to be saved or edited safely, which ensures that user flexibility is maintained.
Remember, policy is essential. Identifying removable media devices, nailing down required actions and outlining the steps that are needed to ensure continued business flexibility will help protect your sensitive data.