Tag Archives: USB

Value of data unrecognised by many, study finds

Research suggests that most employees are not aware of the intrinsic value of data and, as such, focus more on lessening the chances of damaging mobile devices and portable storage, rather than actively minimising the threat of loss or theft.

There is clearly a confusion among most employees as 58 per cent of respondents to a recent study conducted by BlockMaster, said that they thought damaging a laptop to the extent that it is necessary to replace it, would prove to be more costly than a data loss incident caused by misplacing a portable USB memory stick.

Over 1000 people took part in the survey and a series of questions allowed the analysts to discover that while 29 per cent of people consider data loss to be a serious incident, about the same proportion consider being stuck in work overnight as a result of poor weather, to be the equivalent of a data loss disaster.

BlockMaster’s Anders Kjellander, admitted that while the results were clearly worrying, he was not surprised to find that many employees are simply unaware of the value of data to a business.

Mr Kjellander restated the point that IT hardware is less valuable to any organisation than the data which is stored upon it. He explained that while a broken computer is replaceable, lost or stolen data cannot be recovered.

Mr Kjellander pointed to the recent Wikileaks scandal as a clear indication that once data has made it out of safe hands, it can never be corralled back into secrecy. While the costs of replacing hardware are quantifiable, data loss can have an ongoing financial impact that is impossible to measure in the short term, according to SC Magazine.

Some believe that employees put a greater emphasis on protecting devices rather than data because they relate to corporate phones or laptops in the same way that they would to a personal device, which can be unhelpful in the fight against data loss and theft.

Automating security and ensuring that password protection and encryption are the very minimum levels of loss prevention in place is advised.

Business smartphones suffer from data encryption deficit

A new study has found worrying evidence that a majority of smartphones used by businesses do not have any kind of encryption protecting the sensitive data which they store, leaving the door open for malicious parties to steal and corrupt corporate details and private information.

Seventy per cent of respondents to a survey carried out by security firm Check Point, said that the smartphones issued by their employers had no kind of encryption in place, while 87 per cent said that this extends across other portable storage solutions such as USB memory sticks.

The analysts claim that the study shows just how difficult it can be for IT departments to keep on top of device security, consequently making it much more difficult to counteract data loss, portable storage theft and unwarranted third party network access.

Two hundred and twenty people took part in the study and vulnerabilities were exposed in almost all of the businesses which they represent. The results are said to show that as workers move into operating more regularly in a mobile environment, the threats posed to data increase.

Many are attempting to step up efforts to stem the growth of potential data loss flaws by implementing the usage of secure VPNs on laptops, which was suggested by 52 per cent of respondents. Meanwhile, only 23 per cent said that they would be encrypting portable hard drives and a fifth said USB memory sticks would be getting encryption over the next 12 months.

Check Point’s Nick Lowe, said that because many businesses are going to increase the number of devices capable of storing data, the problems facing the security teams are becoming greater.

There is a general debate over who should be held responsible for the protection of data stored on a portable, mobile device, according to Mr Lowe.

Industry analyst Bob Tarzey, believes that with greater restrictions on personal device usage, many businesses will actually increase the number of employees who break regulations and so urges firms to employ sensible, inclusive practices, so that security can be assured without alienating the average employee.

Sellafield nuclear site has secrets leaked after data loss

The Sellafield nuclear site has suffered an embarrassing data loss incident after secret details about its operation were left on an unencrypted USB storage device which was found in a hotel room in Cumbria.

While this loss could have been catastrophic had the data found its way into the wrong hands, the Sellafield bosses can at least take some comfort in the fact that a member of the public handed in the USB drive to the authorities.

Amongst the information stored on the USB drive were details of how employees are going to be transferred from Cheshire to sites across Europe as part of a deal with Urenco.one, a firm specialising in uranium.

Security expert Sean Glynn, said that this significant data loss could be seen as an indication to the UK’s foes, that it is relatively easy to steal highly sensitive information from within organisations like Sellafield.

Mr Glynn said that it did not take much intellectual power to work out that while USB storage devices are incredibly useful across many forms of business, without proper data protection they are at great risk of becoming compromised.

Encrypting USB storage is the best solution, as this makes it difficult for third parties to access the stored data, even if it is lost by an employee or stolen, according to Mr Glynn. He pointed out that the UK is currently seeking to invest millions in fighting cyber crime and terrorism under a sustained threat from foreign forces, which should give firms the incentive to better safeguard data which is of importance to national security.

The USB device was found by a coach driver who was staying in the Cumbrian hotel, unaware at the time that he was handling data which could be extremely valuable to international criminal groups. On discovering the significance of his find, the driver is said to have remarked that the potential for misuse of its contents was staggering.

An investigation into how the USB drive was left in a hotel room has been launched by Sellafield and further action is likely to occur as a result.

NHS admits further data loss via unencrypted USB storage device

A new data loss scandal originating from within one of the organisations governed by the NHS has come to light, once more involving the misplacement and subsequent discovery of a portable USB memory stick which was entirely exposed due to a lack of encryption.

Members of the Forth Valley NHS board are being investigated by the Information Commissioner’s Office (ICO), after the media was made aware of the loss. It emerged that an employee had transferred data from NHS systems over to the device, which were personal items, before parting ways with them due to loss or theft.

The board’s chief executive Fiona Mackenzie has committed to a formal undertaking authored by the ICO, that will ensure the future eradication of any unofficial data storage devices from use within the organisation, with staff only being allowed to transfer data on sanctioned, centrally controlled devices.

The board will not be taking a passive stance, but will rather increase security and block any personal memory devices from gaining access to systems.

The ICO’s Scottish representative, Ken Macdonald, reiterated previous statements made by colleagues by saying that, hopefully, this incident will make it clear to other organisations within the NHS that inadequate appreciation of data loss prevention policy amongst staff members, would lead to the leaking of confidential patient information – unless measures are taken.

Mr Macdonald said that he hoped the increasing emphasis on staff responsibility for the use of portable storage would not subsequently allow the heads of such organisations to deny their own part in protecting data when future incidents inevitably arise.

Security expert, Ander Pettersson, said that the portability and convenience of used USB storage devices was difficult to ignore and many businesses rely on mobile technology to increase productivity and flexibility. He recognises the potential for loss or theft posed by these devices and suggests that the NHS will need to invest in a secure USB system, that will retain the integrity of private data.

Mr Pettersson said that while organisations like the NHS have a responsibility for protecting the data of customers, the ICO would also have to use its own powers to police such organisations and impose penalties to prevent future debacles.

ICO reprimands NHS hospital over patient data loss incident

A further data loss incident, involving the exposure of confidential details relating to patients by an NHS hospital, has been the subject of an investigation by the Information Commissioner’s Office (ICO), representing yet another scandal to emerge from within the health service in recent times.

The data loss occurred when a USB storage device was left on a train by a junior doctor working at the Lister Hospital in Stevenage, Hertfordshire.

According to reports, the doctor was required to hand over the drive to the person taking over when his shift ended, but he failed to do so and brought the device with him on the commute home, where at some point it was misplaced. The device was unencrypted, leaving the onboard patient data open to exploitation.

The doctor made his superiors aware of the error as soon as it occurred and this was followed up by an internal inquiry into how the loss was instigated.

In this instance the ICO identified that the doctor who was responsible for the loss had not been trained in the data handling and security measures which the NHS enforces. This was blamed partly on the fact that he was not provided with an organisation email account to which such information could have been sent.

An ICO spokesperson explained in a statement that further investigation revealed that the hospital’s policies on data protection and the implementation of non-sanctioned USB storage devices were vague. It also identified the fact that the systems would not automatically block the use of unencrypted third party devices.

The ICO’s Mick Gorrill said that no responsible organisation within the NHS should consider the use of unencrypted devices for the storage and transportation of personal data as appropriate or adequate.

Mr Gorrill pointed out that if the transferral of data via a physical device is necessary for the operation of a hospital, it must be governed by the strictest of security procedures to prevent loss or theft.

The NHS’ s Nick Carver said that the hospitals and trusts in his care in Hertfordshire will be subject to a rigorous policy review and all staff will be informed of their responsibilities when handling patient data.

Survey analyses employee habits within business systems

A study has found that many workers are content with the functionality of IT systems available at work, although this does not stop many transferring data via FTP or USB drive so that they can work at home.

The new report, published by 360 IT, found that 90 per cent of employees are convinced that the current standard of their IT at work is more than adequate and certainly helps to improve the levels of productivity.

The respondents were asked about what type of IT products they would ideally like to see in their place of work and 72 per cent said that they were simply looking for an IT infrastructure which worked smoothly and was easy to use. A third were looking for collaboration tools and under a tenth sought cutting edge devices which would allow them to impress clients and co-workers.

A little over half of all respondents said that they would like to work with alternatives to desktop computers in the future, with most picking laptops, a smaller percentage picking smartphones and one per cent choosing iPads as their ideal working platform.

360 IT’s Denise Plumpton said that employees wanted the powerful hardware of a laptop, along with its convenient portability more than smartphones, which are typically less well equipped and versatile because of their restricted size.

Respondents were asked whether or not they breached company policy relating to data security and 56 per cent claimed that they never stepped out of line in this respect. Twenty-seven per cent said that they harnessed webmail accounts or FPT transfers, to make files available for home working, while a quarter said that they regularly transfer files to and from their place of work on a USB storage device.

Plumpton pointed out that a tiny proportion of those questioned claimed that there were absolutely no internal rules relating to data handling and loss prevention, although she was sceptical about whether or not those who claimed to abide by their rules were actually being honest.

Plumpton said that businesses would need to look hard at their data protection policies and check whether employees were sticking to them or circumventing them to make their lives easier, without realising the associated risks of data loss or theft.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal