Say Goodbye To My Little Friend: The Case Against Removable Storage
IBM made news recently by joining the growing number of businesses which have moved toward prohibiting employee use of removable storage devices such as USB drives or sticks, SD or micro SD cards, and any type of portable hard drive.
These tools were popular only a few years ago - you've likely received one at some point as a branded giveaway - and for good reason; they are easy to use and transport. These same factors, however, are increasingly being seen as flaws by businesses concerned about the prospect of data loss.
The gadgets themselves are particularly easy to misplace or lose due to their size. To make matters worse, most users fail to adequately password protect or encrypt the storage devices prior to use, meaning that anyone who finds a lost device now has unfettered access to the data contained therein. Organizations have correctly identified this as a major risk.
Another issue with these tools presents itself when you consider that these storage devices can be used not only to remove information from the workplace, but also insert things into the network. Malicious code, viruses, etc., can be introduced into the environment by virtue of one of these instruments.
Many businesses are attempting to protect themselves by disabling read and write access to USB posts at the user level, but this can sometimes be problematic from a productivity standpoint. The best solution at present is likely a combination of adjusted permissions as a network setting in conjunction with a robust IT security policy. Contact Red Oak Law if you would like to protect your customer data by rolling out one of these policies.