Companies ignore security issues surrounding the use of USB keys and portable media players, consider their use merely a minor security threat and don't even bother encrypting any data held on them, according to a recent survey.
Conducted by Pointsec, the survey of 200 Australian IT professionals, found that 78 percent use USB keys at work; 86 percent of the respondents admitted they do not encrypt the data held on them, even though they are aware of the danger.
The survey (of which nearly half of the participants were IT security professionals) found that 75 percent had not secured the information on their own personal flash drives.
Oscar Moren, managing director of Pointsec Australia, said there is little point in companies spending vast sums of money on information security if such devices are running wild inside an organization and added policy is the best way to combat use.
"Organizations need to introduce strict guidelines on the use of removable media devices in the workplace, as well as investing in encryption software which will allow administrators to force the encryption of data put into a mobile device," Moren said.
"Using this type of software is just as vital and inexpensive as using antivirus software, yet only a fraction of organizations have woken up to the problem.
"Storing information on devices is not a new problem and not so long ago it would have been information stored onto a 1.MB disk; however, now the problem is a much greater storage problem and therefore needs to be dealt with in the security policy."
USB memory sticks with 4GB of memory equate to holding around 160,000 documents. Moren said companies need to ensure policies are used to control the amount of log-in attempts to access data, and ensure all staff are aware their employment does not allow non-company devices to be used within the company network.