Companies see risk of removable media but still turn a blind eye

In spite of knowing that removable media as media players and USB memory sticks are insecure, most IT professionals still don’t use any security technologies to protect their mobile data.

Stockholm, SWEDEN – June 8th, 2006 – Pointsec Mobile Technologies, the global leader and the provider of the de facto standard for enterprise security software for laptop and desktop PCs, PDAs and smartphones, today published results from a survey on the use of removable media among IT professionals. The survey is conducted for the second year in a row and shows that the number of IT professionals who use USB memory sticks, digital media players and external disks, has doubled compared with last year’s results. That is in spite of the fact that many of the surveyed IT professionals know that storing corporate information on a removable media poses a security risk. The survey this year was conducted amongst 248 IT professionals in the United Kingdom (many of whom are IT security managers). 66 percent of those who use removable media have no security policy for removable media. 65 percent are aware of the security risk associated with that kind of media that could easily get lost or fall into the wrong hands. 56 percent of the surveyed are using their mobile storage devices to store corporate information such as contracts, proposals and other business documents. 22 percent use them to store their customer’s name and addresses. Three percent store passwords and bank account numbers on removable media. Most of them, 70 percent, use removable media to store downloaded music files. Only 21 percent have some security in place on their media, such as password protection or encryption. 12 percent are banning the use of removable media in the company. - The use of mobile devices and removable media such as USB memory sticks has increased enormously, not only in the home but also at work. The devices are small and cheap but they are ticking security bombs if they’re not secured properly, said Peter Larsson, CEO of Pointsec. But instead of banning such devices at the company there are other solutions that will keep IT security managers happy. The importance of securing removable media has increased after the implementation of legislation frameworks such as Sarbanes Oxley and Basel 2. To secure your company from the security implications associated with removable media and mobile devices Pointsec recommend that you: 1. Deploy user mobile guidelines or ensure that your corporate IT security policy includes corporate directives that state the importance of proper handling of mobile devices such as removable media. 2. Ensure that all members of staff are aware that their employee does not allow non-company devices to be used within the company network. 3. Use encryption software such as Pointsec Media Encryption which enables centralized policy enforcement of strong encryption of all data stored at mobile devices and removable media. 4. Have methods in place which enables encrypted data to be decrypted in a controlled way outside the corporate network. 5. The encryption process should be transparent and quick to the user, so that it does not interfere with their work or put any extra requirements on the user. 6. Have methods (independent of the end user) which enable decryption of all encrypted data within the company network. For further information please contact: Thomas Bill, CEO, Protect Data AB, tel: +46 8 459 54 00