New research shows that almost half of people would take useful information and data with them to their next jobs. Based on a June 2007 Check Point Software survey, it is unlikely that anyone would stop them as three-quarters of companies have no security in place to prevent information going out the door. Eighty-five percent of employees admitted that they could easily download competitive information and take it with them to their next jobs, in spite of 74 percent of these companies having a policy that specifically states that company personnel are not allowed to take company information out of the office. These findings come out of a survey by Check Point into "staff and data security" carried out among 200 senior IT professionals in Europe.
Demand to use USB sticks creates a security headache for companies, at it is difficult to monitor them because USB devices are so small.
United Kingdom employees are not quite as trustworthy as their Nordic counterparts as the same survey conducted in that region found that although most employees there could download data from their current employers, just 32 percent would go on to use this information for competitive advantage in their next jobs.
USB sticks create a real security headache
Eighty-one percent of people take files from work to use at home, with the majority dumping their laptops in favor of USB sticks as the preferred method to store data because it is far more convenient, inexpensive, and easy. Thirty-three percent store work data on their USB sticks—versus 14 percent who now use a laptop.
The huge demand for people to use USB sticks creates a real security headache for most companies, as it is difficult to monitor them because USB devices are so small and can go unnoticed. They are also far easier to lose in transit—making them likely targets for opportunists who may find them very valuable assets to trade with competitors or use to extort companies into keeping quiet about the fact that they lost valuable or sensitive information without protecting it.
USB sticks are now more popular than ever—with everyone from children up to CEOs now traveling around with data on their USB sticks. Many can now carry 16 gigabytes around with them in their pockets—comparable to having 640 reams of paper in your pocket. By this estimate, it’s not surprising that they can become a serious security risk. Companies spend millions on security and just forget about the fact that millions worth of valuable data is walking out the door everyday on people’s key rings. And a great deal of those are very happy to download information to take with them to their next jobs. Without being too draconian, my advice is to lock down computers with vital information and make sure you centrally control USB sticks by supplying them to your staff with mandatory encryption in place. That way they can freely use them, keeping your data safe at all times.
Seven tips on rolling out a mobile data security policy
Check Point has seven, simple pieces of advice to offer companies on how to roll out a mobile security policy to secure vital company data:
- Educate your staff so that they are aware of the security and legal implications of downloading sensitive or competitive information
- Include management of all mobile devices in your security policy
- Specify that all staff members have to sign your security policy, to ensure that they will not download sensitive or competitive information, nor that will take this information to their next jobs—and make sure that you have the appropriate software to enforce the policy
- If you have sensitive information you do not want downloaded, then block endpoints on computers with efficient and cost-effective software
- Ensure that all USB sticks that are connected are encrypted
- Use encryption software that does not impair the use of the devices and make sure those employees cannot bypass the encryption—it therefore needs to be transparent to the users and quick and easy to use
- Remember, security is a two-way street—you need to have your staff on your side, so complement sensible, workable policies with centrally controlled security technology combined with trust, education, and understanding