Most companies neglect creation of comprehensive data security protocols for employees, allowing them to use unsafe or unsecured USB drives that could be compromised.
An Apricorn survey revealed that companies pay little attention to how employees use USB drives, and their IT departments don’t provide tools for safe USB device usage. 58% of organizations don’t implement port control or whitelisting for devices, and only 47% require employees to use encryption on their USB devices.
It’s easy to see why companies don’t actively think about how employees interact with their computers, and USB drives are seldom a priority. Some 47% of organizations have established a protocol for lost USB devices, and 53% said that their company has no technology capable of detecting the download of confidential data onto USBs.
The security of an organization is not only about protecting its assets from online threats. It’s also about protecting the business from problems from within, and USB drives are a big part of that. Using endpoint protection is a good start for businesses, but other protocols have to be considered for a complete solution.
“Considering the increase in volume, sophistication and severity of security threats facing organizations today, it is critical that employers arm their employees with secure USB drives to prevent highly damaging data breaches,” said Mike McCandless, VP at Apricorns.
The survey also revealed that 91% of employees favor using encrypted USB drives, in stark contrast with what the companies are actually doing. Given that the Ponemon Institute research indicates an average cost of $3.86 million for a breach, lax policies regarding unsecured USB devices are baffling.
The survey covered more than 300 employees from all major industries, including finance, healthcare, government, retail, legal, manufacturing, and power and energy. Most organizations use USB drives in their daily operations, but there’s some good news; use of non-encrypted USB devices fell to 58% in 2018 from 82% in 2017.