This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

USB device security - How secure is your data?

Forensic Focus - September 2009

USB flash drives have become an increasingly popular data storage option with some devices now holding up to 132gb of data. With the increase of usage we have seen the increase of security challenges that businesses are needing to address and overcome.

A recent survey by SanDisk, a major manufacturer of USB devices, shows that large amounts of sensitive data is stored on USB devices.

SanDisk survey

Are USB flash drives a useful tool for sharing data, or a way for malicious users to bypass network security policies and put your data at risk?

Main threats:
  • Unauthorised removal of data
  • Virus introduction
  • Exposure of sensitive information
Key benefits of USB device security:
  • Reduced risk of data theft
  • Reduced risk of data loss and/or corruption
  • Enhanced controls of access to company critical data
  • Promotes employee understanding

Having established the risks associated with portable storage devices, now is the time for your organisation to consider whether it should: 

  • Limit the use of portable data storage media and devices except with specific authority 
  • Automatically record the attempted connection of any and all devices to the corporate network 
  • Prevent MP3 players, digital cameras and mobile phones being connected to PCs 
  • Automatically encrypt all data carried outside the network on portable devices 
  • Amend definitions of ‘misconduct’ within appropriate HR policies to reflect the new issues facing organisations as a result of these lifestyle devices
Tips for combating unauthorised USB devices

There are a number of countermeasures that can help to reduce, but will never eliminate, the risk of using USB storage devices. These include: 

  • Disabling the USB and FireWire ports on each computer. 
  • Introducing encryption technology to protect intellectual property and other data against disclosure on
    misplaced or stolen USB devices. If the data does leak out of your organisation no unauthorised person will be able to read it. 
  • Using portable storage devices that feature strong authentication as well as data encryption. SanDisk,
    Kingston Technology, Lexar and IronKey all produce thumb drives like this. 
  • Having your IT staff use features within the computer operating system to control access to USB ports and devices.

For more information on USB device security please contact Barry Foster or Jon Pearse.

Also in this issue:

Stay connected:
Get connected
Share your comments


More on Deloitte
Learn about our site