The Integrity News
Vol. XIII No. 13
"objective risk management services"
July 15, 2004
Technical consultant Gartner Group, Inc.
has just published a report entitled:
"How to Tackle the Threat From
Portable Storage Devices"
The basic problem is that these devices can be used to
steal large quantities of corporate data, and can also
be used to introduce viruses and worms into corporate
networks. "The gadgets can be used to siphon
information from a computer, turning a seemingly
innocuous device into a handy tool for data thieves."
According to articles from CNN and ComputerWeekly,
mobile media devices such as iPod "pose such a major
security risk for businesses, that enterprises should
seriously consider banning the portable storage devices
(from their premises)".
Of equal concern are pocket-sized portable FireWire
hard drives, USB hard drives, key-chain drives, disc-based
MP-3 players, and digital cameras with removable smart
According to British security, "With USB devices, if you
plug it straight into the computer you can bypass passwords
and get right on the system". In a survey of mid to large
sized companies, 82% said that "they regard so-called
mobile media devices like the iPod as a security threat".
As a result, in addition to the military and national security
interests, a growing number of companies, "particularly
those in the financial and healthcare sectors, are devising
policies to keep these devices out of their offices."
"Companies must limit the damage from malicious code,
loss of proprietary information, loss of intellectual property,
and consequent lawsuits and loss of reputation."
"Oftentimes, a business has no idea if an employee is
stealing data via removable media." "A portable media
player with two gigabytes of capacity could easily and
quickly store a customer database."
"Gartner advised companies to forbid employees and
external contractors with physical access to corporate
networks from using these privately owned devices with
corporate PCs. Companies should also consider a
'desktop lockdown policy', disabling universal plug and
play functions after installing desired drivers, to permit
the use of only authorized devices." "Companies may
also want to implement individual PC firewalls to limit
what can be done on a USB port."
While all of these devices were developed for personal
entertainment and convenience, there is now this dark
side. In fact, there is a whole industry cropping up to sell
"useful" peripherals for these mobile media devices.
For example, for the digital camera buff, if the storage
modules are frequently filling up too quickly, there is
now an interface available that makes it easy to download
the camera memory to the mobile media device. That,
for instance, worries security directors of companies
with intellectual property, customer lists, secret formulas,
new designs, etc. that they must protect.
For additional information about the business risks related
to employee crimes, browse
The Integrity Center, Inc.
website and feel free to call (972) 484-6140 to discuss
a particular situation that you have. Helping you with your
Risk Management and HR Automation is what we do.