Watch out for USB espionage

With sales of MP3 players, digital cameras and a swathe of other new gadgets rising exponentially, it appears the age of the data-carrying device is well and truly upon us. Yet for some the mass proliferation of these technologies actually represents a serious threat to business security.


With sales of MP3 players, digital cameras and a swathe of other new gadgets rising exponentially, it appears the age of the data-carrying device is well and truly upon us. Yet for some the mass proliferation of these technologies actually represents a serious threat to business security.

With sales of MP3 players, digital cameras and a swathe of other new gadgets rising exponentially, it appears the age of the data-carrying device is well and truly upon us. Yet for some the mass proliferation of these technologies actually represents a serious threat to business security.

The problem is twofold. Firstly, almost every new data-based device comes equipped with a USB connection, meaning it is compatible with almost any PC. In addition, it’s easy to forget that the purpose of iPods, digital cameras and the like is to store a vast amount of information. MP3s and jpgs are just different type of computer files and if these can be saved so can most other file types. Combined, these two traits open the way for some serious security issues.

Data theft
‘Anything that can be used as a disc is a potential threat,’ explains Ruth Bowen, from IT security group Sygate. ‘iPods and digital cameras are just two of the devices with the potential to store data – both are seemingly innocuous and therefore largely overlooked by growing firms that is where the danger stems from.’

A timely reminder of the gravity of the threats posed came from The Sun newspaper earlier this year. During the summer a reporter working for the paper claimed that he was able to buy the bank details of a thousand UK customers from an Indian call centre worker, who also allegedly told the reporter he could sell up to 200,000 more customer details each month. Meanwhile, research group Gartner estimates that of the security breaches that result in actual measurable loss to an enterprise (as opposed to mere annoyances), an astonishing 70 per cent involve ‘insiders’.

‘People,’ Bowen surmises, ‘are connecting [these devices] and yet you don’t know what they’re doing with them.’

And there are other dangers besides the theft of sensitive information.

Wormholes
‘The threats go in both directions,’ Bowen continues. ‘You can download data, but you can also upload viruses and worms.’ That’s not to say that employees will deliberately try to upload viruses on to your systems out of spite. But in these days of firewalls and email scanning software, USB devices represent a route on to the corporate network that may not be habitually monitored.

For smaller firms there can also be problems relating to data overload. In a recent survey IT security group Centennial Software found that around 50 per cent of working women download personal files (including music tracks and photos) onto their work computers – men are apparently far geekier and do their downloading in the privacy of their own homes.

‘A security breach is the one that’s going to cause you the most damage. But for smaller firms there’s a real nuisance factor associated with someone clogging up your network with their holiday snaps,’ ventures Centennial’s Matt Fisher. ‘We’re not trying to overplay this and say that photos are going to bring your network down. But it is about being more intelligent.’

Needless to say, Sygate and Centennial are among those providing potential solutions to the problem. Both have offerings that enable businesses to block or limit the use of certain devices on their corporate networks. Whether or not firms chose to buy some form of protection, however, it seems as though vigilance is an essential starting point.

At the very least it is important for growing firms to draw up their own policies relating to the use of USB devices in the workplace. These should clearly define what is acceptable and what is unacceptable use and should be widely circulated to ensure all employees are aware of the rules.

For further information visit:

* www.centennial-software.com
* www.sygate.com

Related Topics

Leave a comment