Monthly Archives: November 2011

USB – Ubiquitous Security Breach?

The Ubiquitous Data Breach or as we know it - the USB

“Organisations do not understand the risks they face because of employee negligence but are not taking the necessary steps to secure USB drives.”

This forms part of the introduction to the findings of the UK part of the survey by the Ponemon Institute on behalf of Kingston Technologies.

The results of the survey show the level of UK organisations negligently inactive when it comes to unauthorised use of USB devices. With a shocking 73% of those surveyed reporting within their organisations, employees using USB’s without obtaining permission and 72% said that data breaches had been caused by sensitive or confidential data on USBs being lost.

These results come as no surprise to many of us, the amount of stories we all read on a weekly basis about data sticks being lost, laptops being lost, or discs being left in taxis etc.is large.

The surprising thing in many ways is that despite these incidents, organisations are still  uncontrolled USBs to become prevalent – picked up at trade fairs and expos, the survey said 55% – I suspect this is actually much higher. And so business is relying on the common sense and integrity of its employees to use the devices sensibly. In fact, the sensible thing to do is have a policy, implement and educate in to your staff.

The survey shows a disappointing 32% has policy and controls in place to stop or limit employees misuse of USBs in the workplace. and 29% the technology to prevent or detect a virus or malware on USB drives before use by employees. Some organisations, as we know will create policy and then not educate it in to their people, lip service to a policy never works, hence the 73% of respondents having lost sensitive data.

We have said it before and will say it again, assess the risks (ask for help if you need to), design the policy and procedures (ask for help if you need to) implement and check it works, then educate it in.

Ellie

www.advent-im.co.uk

From the report:

The following are 10 USB security practices that many organizations in this study do not

practice:

1. Providing employees with approved, quality USB drives for use in the workplace.

2. Creating policies and training programs that define acceptable and unacceptable uses of

USB drives.

3. Making sure employees who have access to sensitive and confidential data only use secure

USB drives.

4. Determining USB drive reliability and integrity before purchase by confirming compliance with

leading security standards and ensuring that there is no malicious code on these tools.

5. Deploying encryption for data stored on the USB drive.

6. Monitoring and tracking USB drives as part of asset management procedures.

7. Scanning devices for virus or malware infections.

8. Using passwords or locks.

9. Encrypting sensitive data on USB drives.

10. Deploying procedures to recover lost USB drives.

New Information Security Training dates for 2012

risk balance

lowering risk increases security

We have added some new dates for Information Security Training next year to the website.

These are currently February but we will be adding more, so either watch the blog, follow us on Twitter or check out the training section of our website…which you can find by clicking here….http://bit.ly/tiPani .

If you have an enquiry about timings for any of the other courses then feel free to give us a ring or drop us an email or Tweet.

Security and system integration – Mike Gillespie speaking dates

Mike Gillespie – MD Advent IM

We are delighted to announce that our very own Mike Gillespie has been invited to speak at series of events next week (WC 14.11.11).

Mike will be opening the Gallagher Command Centre V7 events in Newcastle, Birmingham and London.
He will be talking about the logic and benefits behind integrating security systems with other Building Management Systems, in a topical and well informed presentation.
As experts in security and as the UKs leading Independent Holistic Security Consultancy, Advent IM is uniquely placed to offer real insight into this area and show businesses how the benefits are not simply cost saving.
The events are at:
Newcastle – 14.11.11
Gallowgate Suite, Newcastle United Football Club, St James Park, NE1 4ST
Birmingham – 16.11.11
Pavillion Suite, Hilton Metropole Hotel, Birmingham NEC, B40 1PP
London – 17.11.11
The Penthouse, New Zealand House, NZ High Commission,  80 Haymarket, SW1Y 4TQ
Events run – Arrival tea and Coffee at 10am through to 2pm for morning sessions
and 3pm to approx 7pm (8pm London) for the evening sessions.
If you would like further details or would like to attend one of these events, please contact kate.hutchins@gallagher.co who will advise of remaining places.
For advice or information on security, integration of systems, ISO27001, Data Protection,  Business Continuity, CLAS Consultancy and much more, call us on 0121 559 6699 or 0207 100 1124
Alternatively visit us at www.advent-im.co.uk
Advent IM Ltd are Independent and guest speaking events do not constitute product endorsement.