Careless UK Firms Ignore USB Security

UK organisations ignore the risk of unencrypted USB drives and do not follow appropriate USB security policies, it has been revealed.

A study of ten European countries conducted by the Ponemon Institute showed that only 32 percent of  UK companies had USB governance policies, compared to 62 percent in Germany. This has resulted in 72 percent of UK employees having lost, and not reported, confidential data on USB drives in the last two years.

Costly carelessness

According to the research report, organisations polled lost more than 17,000 records containing staff or customer information in a 24 month period. And, at an average cost of £71 per record, based on Ponemon’s 2010 Annual Cost of a Data Breach Study, the financial implications of such data losses can be staggering.

The research, which surveyed companies in Denmark, Finland , France, Germany, Netherlands, Norway, Sweden, Switzerland, Poland and the United Kingdom, said that 67 percent of all missing USB drives are caused by negligence rather than fraud, but that of the 49,397 USB drives used by employees, less than half were considered secure.

Results also reveal that in the UK, ranked fifth overall, 23 percent of companies use anti-virus technologies on USBs, and that 48 percent of data is lost through virus or malware infestations on USBs.

“A lack of oversight, education and corporate confusion are factors that lead to the overwhelming majority of data loss when it comes to USB Flash drives,” said Jim Selby, European Product Marketing Manager at Kingston Technology, which commissioned the research. “Organisations fear that any attempt to control a device like a USB is likely to be futile and costly, both in terms of budget and loss of productivity.”

“This survey has made it clear that attitudes toward USB security differ across Europe, but the overall findings underline how many organisations still lack rigorous and secure USB data protection policies, thus leaving a huge hole in corporate security strategies,” said Dr. Larry Ponemon, CEO of the Ponemon Institute. “Rarely a month goes by without another ‘confidential data lost on a USB drive’ story being reported in the press, so we hope the results of our survey acts as a wake-up call for European organisations.”