Poor USB security leaves enterprises at risk

Security polices for USB devices are frequently outdated and inadequate, and enterprises are often failing to monitor their use, according to a new survey.

The study by encrypted drive specialist Apricorn reveals that while nine out of 10 employees rely on USB devices today, only 20 percent of them are using encryption on those devices. Eight out of 10 employees use non-encrypted USBs, such as those received for free at conferences, trade events or business meetings.

Apricorn surveyed over 400 employees across a range of industries. It discovered that USB drives are seen as an important tool, with roughly 70 percent of employees surveyed maintaining that USB drives improve the efficiency of their organizations' IT operations and increase their productivity.

“With the increasing volume and complexity of data within today’s organizations, it is critical to provide employees with the tools to securely process this data,” says Mike McCandless, VP of sales and marketing at Apricorn. “At the core of every security policy should be a foolproof, enforceable means of whitelisting any and all USB devices to ensure that only approved encrypted drives can be used when handling sensitive data. This greatly diminishes the vulnerability of employee non-compliance.”

Among other findings are that 69 percent of respondents agree that the use of USB drives increases productivity in the workplace. Only 15 percent ask for permission before using a USB drive.

Corporate policy on this varies, 50 percent are required to seek permission to use external USB drives, while the other half are not. In addition only 58 percent of organizations have adequate governance and policies to manage the use of USB drives in the workplace.

Photo Credit: Mario Lopes/Shutterstock