IT Security Update - Threat Of The USB Memory Devices

Rob Lucas specialises in Information Technology and Intellectual Property law, here he gives an insight into why memory devices should not be forgotten.

Many businesses are failing to address or even consider the implications of the growing availability and use of removable memory devices within their organisation.† This is despite increased awareness of the damage that can be caused by malware on the device or the removal or copying of sensitive material.

Many popular devices available today contain high capacities of memory (able to store many thousands of documents) and can easily connected to a computer via the USB ports.† Devices such as Memory Sticks plug directly into a computer's USB port and many computers helpfully hold the driver information necessary to quickly recognise the device and make the transfer of data readily available.† Other examples of devices designed to hold great quantities of data and which are recognised by computers are MP3 players such as iPods, digital cameras, mobile telephones and CDs.† These devices are commonly brought into almost businesses premises on a daily basis whether in the possession of employees, customers and suppliers.†

Notwithstanding this there are very few businesses which incorporate safeguards to check what devices are coming in and going out and, more importantly what is stored on them and if they are connected to the business's network.† This lax security and the failure to even consider the issue means that a business can be threatened by the removal of sensitive data or the introduction of malware or unlawful content.

Some organisations such as the MoD have banned staff from bringing iPods onto Ministry premises but the vast majority of organisations and businesses have no policies in place to prevent employees using any memory devices.† This seems at odds with the high number of businesses that have experienced some form of network disruption or electronic crime.

Some threats, such as the introduction of malware, are more obvious and there is the clear concern that firewalls and anti-malware defences are bypassed.† This threat is increased by the fact that one device may be used on a number of computers.† Other threats range from the downloading of pirate files onto a work PC, such as MP3 files copied from a home CD, to the introduction of pornography - as the business could become liable for any offences committed and be involved in subsequent litigation.† Software could also...