Kingston Technology says that secure encrypted USB sticks are no longer enough

Businesses also need, the firm claims, to introduce best practise policies, procedures and awareness training for the staff using the devices.

According to the memory and portable storage device systems specialist, its research comes against a backdrop of Big Brother Watch revealing there have been 1,035 data-loss incidents across 132 local authorities in the UK since 2008.

The research from Kingston – which was carried out in partnership with the Ponemon Institute – found that 72% of UK companies admit to having lost confidential data through missing USB sticks.

Researchers also found that 49% of organizations admit that the losses relate to customer data and that the UK, France and Poland have the highest rate of data breach as a result of missing USB sticks.

Interesting, researchers discovered that staff are also negligent of the potential USB stick security issues, so putting sensitive company data at risk.

Kingston say that the analysis – which took in responses from 2,942 IT professionals in Denmark, Finland, France, Germany, Netherlands, Norway, Sweden, Switzerland, Poland and the UK - reveals there are marked differences in the approach and implementation of USB drive security from country to country.

In the UK, only 23% of respondents confirmed that their companies have the technologies to prevent or quickly detect the download of confidential data onto USB drives by unauthorized individuals.

The statistic, says Kingston, shows most organizations in the UK are ignoring the risks of using unencrypted USB drives, resulting in 72% of those questioned having suffered a loss of confidential or sensitive data because of missing USB drives in the last two years.

When comparing individual European countries, perceptions and practises about the importance of USB security is highest in Germany – with 62% agreeing that their business has an adequate USB security policy in place to prevent employee misuse.

On the contrary, the UK, France and Poland are most at risk as a result of employees’ practices – 73% in the UK, 85% of respondents in France and 83% in Poland said that employees use USB drives without obtaining advance permission to do so.

The study also found that France, UK and Poland have the highest rate of data breach as a result of a missing USB sticks.

Jim Selby, European product marketing manager with Kingston Technology, said that a lack of oversight, education and corporate confusion are factors that lead to the overwhelming majority of data loss when it comes to USB sticks,

"Organizations fear that any attempt to control a device like a USB is likely to be futile and costly, both in terms of budget and loss of productivity”, he said.

“However, a simple analysis of what a company needs and the knowledge that there is a range of easy-to-use, cost-effective, secure USB Flash drive solutions can go a long way toward enabling organisations and their employees to get a handle on the issue", he added.

Commenting on the results of the survey, Dr. Larry Ponemon, the CEO of the Ponemon Institute, said it made it clear that attitudes toward USB security differ across Europe.

But, he added, the overall findings underline how many organizations still lack rigorous and secure USB data protection policies, so leaving a huge hole in corporate security strategies.

“Rarely a month goes by without another ‘confidential data lost on a USB drive’ story being reported in the press, so we hope the results of our survey acts as a wake-up call for European organizations”, he noted.


What’s hot on Infosecurity Magazine?