Companies should ensure an appropriate security policy is in place to manage flash drives

News by SC Staff

A ban on the use of USB memory sticks by the US Department of Defense has been described as nothing 'new or shocking'.

A ban on the use of USB memory sticks by the US Department of Defense has been described as nothing ‘new or shocking'.


George Purrio, European technical manager at Imation, claimed that flash drive users need to consider the risk of virus transfer between computers and networks as a high priority when managing files. He said: “It's not the technology in itself that presents the threat, but the casual attitude towards the information within it that makes the difference.


“It's vital, therefore, that businesses have appropriate policies in place to secure the company's IT system. For example, users should only upload and download files of known format and origin and be wary of unrecognised sources. Simple steps such as scanning downloaded files for viruses can also offer additional effective protection.”


The US Department of Defense imposed a temporary ban in late November, to combat the spread of a self-propagating Windows worm. Purrio claimed that flash drive technology in itself can't develop in such a way as to control this virus risk, and if it did, it would lose its benefits of convenience and mobility.


He claimed that “the user needs to develop a greater awareness of the risks involved with transferring files and adopt a more cautious approach to get the best out of USB as a storage medium.


“With any technology it's difficult to reap the benefits without having to make some compromises - the concepts of flexibility and global mobility come with their own caveats.”


Andrew Clarke, senior vice president, international at Lumension Security, said: “The widespread use of USB devices within an organisation can open it up to data loss on two major fronts, data stolen by copying onto a device and data stolen by copying from a device.


“To that end, it is imperative organisations adopt the right technologies and policies within the enterprise to effectively manage these devices without compromising the integrity and confidentiality of business critical systems and data.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews