Aug
30
2011

Lost memory: How memory sticks can lead to data breaches

Sometimes big problems come in small packages.

Such can be the case with USB drives, those little memory sticks that hold vast amounts of data yet can be easily lost or stolen.  A recent survey by the Ponemon Institute uncovered some scary facts about how vulnerable companies are to the threats posed by thumb drives:

  • On average, the companies surveyed lost 12,000 customer, consumer, and employee records on missing USB sticks.
  • At an average cost of $214 a record, the average number of missing records could result in losses exceeding $2.5 million for the companies in the survey.
  • More than 70 percent of respondents in this study say that they are absolutely certain (47 percent) or believe that it was most likely (23 percent) that a data breach was caused by sensitive or confidential information contained on a missing USB drive.
  • Nearly half (47 percent) of the 743 IT and IT security practitioners in the study said they were “absolutely certain that their organization experienced the loss of sensitive or confidential information on a missing USB drive during the past two years.”
  • The main reasons cited for not being proactive about security around USB drives include: uncertainty about monitoring and tracking USB use in the workplace, desire not to diminish productivity, and the reliance on employee integrity and trustworthiness.
  • Free USB sticks from conferences, trade shows, business meetings, and other events were used by 72 percent of the workers in the surveyed organizations, including organizations with policies mandating the use of secure USB sticks.
  • Half the respondents in the study use USB drives without obtaining advanced permission all the time.
  • Almost half (49 percent) of respondents lose their USB sticks without notifying the appropriate authorities about the loss.
  • 74 percent of the respondents revealed that their organization does not have appropriate technologies to prevent or quickly detect virus or malware infections that may reside on USB drives before use by employees in the workplace.

The study is another reminder of why organizations need to be vigorous around their security practices and recognize that big breaches don’t just spring from the keyboards of hackers; they can also slip from the palms of your employees hands.

Share