You've seen them; they're small, colorful, probably attached to a lanyard. They're USB flash drives, a.k.a. flash keys or key drives. The USB flash drives had replaced floppy disks and CD-RWs as the media of choice for on-the-go computer users. I've noticed the portable drives dangling from the backpacks of college students and the necks of corporate employees. While a worker could hardly carry a laptop out the employee exit without raising suspicious, a USB flash drive would raise no eyebrows. However, which is ultimately more important: one computer or an department's sensitive data files?
It's the flash drives' popularity that now makes them the one of the greatest security concerns facing Information Systems (IS) managers. With data transfer speeds up to 23 Megabytes per second (reading),14MB/s (writing), and multi-gigabyte capacities, these data powerhouses can still be easily hidden in a shirt pocket or palmed from view. Plug in, download data, unplug, all in a few seconds.
Even trustworthy employees can cause problems with these devices. Few users encrypt sensitive data stored on their network servers, let alone the files stored on a personal flash drive. However, the drives are so small, about the size of ones' index pinkie, they're easy to misplace or lose, entirely. Once lost, data can't be retrieved.
I strongly recommend that employers ban the use of personal USB flash drives on company computers. The risk to confidential data is too great to trust it to a tiny manual device that has no security protection. Going hand-in-hand, I also recommend that corporate flash drives be encrypted and marked with a unique identification and managed as the sensitive hardware they really are. While you're at it, attach a postage paid mailing tag, just in case the drive is lost...drop in any mailbox, return postage guaranteed.
Call for Comments
What do you think? Leave your comments below.