Deter the Use of Flash Drives to Avoid Corporate Espionage
The portability and high capacity of flash drives is creating headaches for many companies. The Net is swarming with stories of the ill-use, illegal activities, and security concerns as more and more of these devices are lost and stolen or used to steal sensitive information. There are two basic categories of threats to information when corporations allow the free-will use of flash drives within an organization: the introduction of viruses, and the potential for lost or stolen data.
Viruses - While we think of viruses as obnoxious annoyances, viruses are now being unleashed to shutdown security systems and enable outsiders to easily infiltrate and steal information. What better way than a simple and un-threatening flash drive to migrate these Trojans between a home computer and office network. While I'm sure the Pentagon, one of America's hot-beds for sensitive information, is just as concerned about lost or stolen data, recently the Pentagon had a virus attack that, it seems, was caused by the ill-use of flash drives. And while no details of the virus attack have been given, the Pentagon has banned the use of external computer flash drives.
Lost Flash Drives - Amazingly these little flash drives get lost quite frequently. I've even heard of small surveys being done, under 500 participants, where it was reported that a flash drive was lost just about once every week. A quick search on The Breach Blog for lost or stolen data with flash drives clearly shows this category as being quite active and the potential for sever ramifications.
Stolen Information - While there are cases where employees intentionally steal information through the use of flash drives. This category is reported much less than the others as organizations clearly do not want to admit they have allowed their employees to take off with sensitive information.
Much of the information stolen behind corporate walls is not necessarily reported. Internal trade secrets, code, or application data typically goes unnoticed. A recent quote in The Wall Street Journal by Steven Fink, president of Lexicon Communications Corp., in relation to the recent Federal investigation on whether Chinese companies were involved in attempts to steal commercial technologies from Silicon Valley companies, further solidifies the ease in which corporate data can be stolen. Mr. Fink states: "From a bottom-line perspective, economic espionage makes great sense--it's relatively easy, and there's little chance of getting caught or punished".
As a transport mechanism, much of organizations information assets move through a company in the form of email--constantly being shared, copied, and forwarded. This information is clearly at high risk. While many companies monitor outgoing email traffic the ability to copy data to an external media such as a flash drive can go unnoticed. In a recent Seattle Times article "Software can lock and unlock e-mail" Gary Tidd, CEO of Estorian said "employees who want to harm the company will do so one way or another, and can steal data with flash drives." Tidd went on to say that Estorian's software can act as a deterrent or virtual padlock to help detect and protect data usage. "Our software is like a lock on the door," Tidd said. "It keeps honest people honest".
With the use of flash drives, organizations will continue to wonder where all corporate data resides and if it is being transported offsite. It really doesn't matter how data gets on flash drives, what matters is the fact that once on a flash drive information is easily transported outside the jurisdiction and security of a company. Solutions such as Estorian's LookingGlass allow companies to set policies, enable alerting, and prevent individuals from moving email to external storage devices. Effective content monitoring of email not only safeguards corporate assets and intellectual property but ensures compliance and identifies potential security risks.
Viruses - While we think of viruses as obnoxious annoyances, viruses are now being unleashed to shutdown security systems and enable outsiders to easily infiltrate and steal information. What better way than a simple and un-threatening flash drive to migrate these Trojans between a home computer and office network. While I'm sure the Pentagon, one of America's hot-beds for sensitive information, is just as concerned about lost or stolen data, recently the Pentagon had a virus attack that, it seems, was caused by the ill-use of flash drives. And while no details of the virus attack have been given, the Pentagon has banned the use of external computer flash drives.
Lost Flash Drives - Amazingly these little flash drives get lost quite frequently. I've even heard of small surveys being done, under 500 participants, where it was reported that a flash drive was lost just about once every week. A quick search on The Breach Blog for lost or stolen data with flash drives clearly shows this category as being quite active and the potential for sever ramifications.
- UK Ministry of Defense Loses Memory Stick with Military Secrets
- Service Canada employee loses flash drive
- Reproductive Medicine Center doctor loses patient data on flash drive
- Stolen Hong Kong Child Assessment Service flash drive
Stolen Information - While there are cases where employees intentionally steal information through the use of flash drives. This category is reported much less than the others as organizations clearly do not want to admit they have allowed their employees to take off with sensitive information.
Much of the information stolen behind corporate walls is not necessarily reported. Internal trade secrets, code, or application data typically goes unnoticed. A recent quote in The Wall Street Journal by Steven Fink, president of Lexicon Communications Corp., in relation to the recent Federal investigation on whether Chinese companies were involved in attempts to steal commercial technologies from Silicon Valley companies, further solidifies the ease in which corporate data can be stolen. Mr. Fink states: "From a bottom-line perspective, economic espionage makes great sense--it's relatively easy, and there's little chance of getting caught or punished".
As a transport mechanism, much of organizations information assets move through a company in the form of email--constantly being shared, copied, and forwarded. This information is clearly at high risk. While many companies monitor outgoing email traffic the ability to copy data to an external media such as a flash drive can go unnoticed. In a recent Seattle Times article "Software can lock and unlock e-mail" Gary Tidd, CEO of Estorian said "employees who want to harm the company will do so one way or another, and can steal data with flash drives." Tidd went on to say that Estorian's software can act as a deterrent or virtual padlock to help detect and protect data usage. "Our software is like a lock on the door," Tidd said. "It keeps honest people honest".
With the use of flash drives, organizations will continue to wonder where all corporate data resides and if it is being transported offsite. It really doesn't matter how data gets on flash drives, what matters is the fact that once on a flash drive information is easily transported outside the jurisdiction and security of a company. Solutions such as Estorian's LookingGlass allow companies to set policies, enable alerting, and prevent individuals from moving email to external storage devices. Effective content monitoring of email not only safeguards corporate assets and intellectual property but ensures compliance and identifies potential security risks.
Leave a comment