Almost Half of Companies Lose Sensitive Information on USB Drives

Almost half of the organizations recently polled by the Ponemon Institute (News - Alert) admitted to losing confidential data on USB drives over the past two years.

Conducted by Ponemon on behalf of USB drive vendor Kingston, the survey found that USB drives are pervasive across a variety of companies. More than 40 percent of the organizations said they have more than 50,000 USB drives in use, while almost 20 percent reported more than 100,000 drives among their user population.

Despite or perhaps because of the prevalence of such drives, the study found very little control or management over them. Less than a third of the organizations polled believe they have the right policies in place to guard against the misuse of USB drives.

Even further, a majority 71 percent of the administrators surveyed don’t see the protection of confidential data on USB drives as a high priority. But these same admins believe that many data breaches are the result of missing USB drives.

Malware that infects USB drives was also seen as a primary reason behind the loss of confidential information among 55 percent of the companies surveyed. Free USB sticks that people pick up from conventions and trade shows were found to be used by 72 percent of employees, potentially exposing their companies to risk.

As one example cited by the study, the Department of Homeland Security recently conducted a test in which it dropped USB drives along government parking lots. Some of the drives had an official government seal, while others had no identifying marks. Among the government-sealed drives, 90 percent of the people who found them plugged them into government computers. And among the drives without any marks, a whopping 60 percent of employees who picked them up plugged them into government PCs.

As the initiator of the survey, Kingston, of course, has its own products to keep USB drives safe and secure, as do other USB drive vendors. Protected and encrypted USB sticks are worth considering, especially if your company is inundated with a flood of these devices. Beyond that, though, it’s important for IT to establish the right policies to inform users about the proper use and protection of USB drives to avoid putting sensitive data at risk.

To compile its results, Ponemon surveyed 743 IT and security administrators about their use of USB drives.

“An unsecured USB drive can open the door for major data loss incidents,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Organizations watch very carefully, and put a plethora of controls around, what enters their businesses from cyberspace. This study drives home the point that they must also take a more aggressive stance on addressing the risks that exist in virtually every employee’s pocket.”

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2011, taking place Sept. 13-15, 2011, in Austin, Texas. ITEXPO (News - Alert) offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. To register, click here.