21% of workers have 10 or more USB sticks – with little or no controls

According to Credant Technologies, which sponsored the survey, every single one of the 229 respondents said they had at least one USB stick, and 54% noted they had between 3 and 6 units in their portfolio.

Whilst this is good news for vendors of these must-have items, the IT security vendor says that the news may not be so welcome for security and compliance teams tasked with protecting the sensitive data on what has become a common device.

Delving into the research reveals that more than half of the respondents said their USB sticks were not encrypted, leaving the corporate information on them completely vulnerable if they are borrowed, lost or stolen.

Fifty-two percent of the sample admitted they couldn't even remember what they had saved on their device, which is worrying as 20% never delete the corporate data stored, even when they no longer require it.

Even more alarming, says Credant, is the fact that 34% admitting they don't know, at any given time, where all their USB devices are.

Almost 10% of respondents said they had lost a USB device containing corporate data, yet fully 76% never reported the loss to their bosses.

Commenting on the survey results, Bob Heard, Credant's CEO, said that companies are spending millions on their security and it could all be in vain if they fail to close this basic area of vulnerability.

"If they have a workforce that are using USB storage media, blissfully unaware of the potential mayhem that these ubiquitous devices could potentially cause, no matter how much is spent the enterprise will never be secure", he said.

"These small USB sticks can be, and often are, easily lost or stolen, thus leaving data, and those responsible for protecting that data, vulnerable", he added.

One of the most interesting aspects of the survey results is that the security issues of USB sticks are just the tip of the iceberg, as 37% of the sample admitted to synchronising their iPhones, smartphones and iPods with their work devices.

This practice, says Heard, potentially exposes their companies to a multitude of data risks and network disasters.

"Many organisations are either failing to take the problem seriously or to implement and enforce the right security, work practices and education for their users to address this problem", he explained.

"Unsecured data on removable media is a significant and growing concern and organisations need to start planning now on how to close this vulnerability before they suffer a very expensive, and embarrassing breach."

What’s Hot on Infosecurity Magazine?