UK POINTSEC WARNS ON USB MEMORY STICK USE http://www.cbronline.com/article_news.asp?guid=A12F491F-10A1-4553-920B-E7908886E5D6

Two out of every three organizations are failing to include guidance on the use of mobile media such as memory sticks and USB flash devices in their current security policies, a survey of IT security professionals has shown.

Although 12% of the organizations polled actually ban the use of removable media devices in the workplace, of those that do allow them only 21% have moved to secure removable device use with passwords or encryption. Most all of the executives polled in the study were aware of the potential danger that removable media presents.

The popularity of removable media devices is increasing the risk that organizations leave themselves open to extortion, digital identity fraud, or damage to their reputation, integrity and brand, the company behind the study has warned.

The development of USB, or universal serial bus, as a convenient way to connect peripheral devices to computers has generated certain security risks. As a method of siphoning data, mobile gadgets are pretty useful. They are quick to download meaningful chunks of data, and the largest capacity device can now store 100GB of data and more. USB pen drives and USB memory sticks are now able to hold 8GB in memory which equates to around a million documents, said the study sponsor's Pointsec Mobile Technologies AB.

Complete lockdown can actually be counter-productive, as it blocks the USB port not only to storage devices but to the legitimate use of peripherals keyboards, mice and printers, as well.

However, USB devices can carry viral code, or can be used to hack systems. McAfee, Sygate and SecureWave are but a few of the vendors to have added USB control features to their respective intrusion prevention systems.

The survey was conducted amongst 248 IT professionals during the Infosecurity Europe exhibition and conference which ran in London in May. The recommendation is that a number of measures are needed, including a blend of staff training, use of personal firewalls, desktop lock-down, and deployment of password-protected USB devices, which if lost or stolen would contain only encrypted data.