Although employees pose a weak point in cybersecurity through their use of USB drives, based on new research conducted by secure data storage device manufacturer Apricorn, the majority of employers (Information Technology departments) are failing to equip their employees with the appropriate technologies, procedures and policies to ensure data security across the organization.
To conduct the survey, Apricorn spoke with some 300 employees across U.S. industries including education, finance, government, healthcare, legal, retail, manufacturing, and power and energy.
As an example, the report finds that although 91 percent of those polled stated that encrypted USB drives should be mandatory, it stands that 58 percent of organizations are not enacting port control or similar protective measures such as whitelisting software in order to manage USB device usage. A whiterlist is a list of e-mail addresses or domain names from which an e-mail blocking program will allow messages to be received.
Furthermore, the review found that 53 percent of enterprises do not require encryption for data stored on USB drives. It was also found that, by examining the new results against Apricorn’s previous USB data protection report, that under half of organizations have a lost/stolen USB drive policy in place (beoow the figure from 2017).
Furthermore, the majority of respondents (at 53 percent) stated their organization does not have appropriate technologies in order to prevent or detect the download of confidential data onto USB drives. It also stands that more than a third (36 percent) of the companies surveyed do not have any kind of USB control policy in place.
According to Mike McCandless (of Apricorn), the results raise concerns: ““Even though 90 percent of employees use USB devices today, the fact that nearly 60 percent of employers fail to use port control or whitelisting software to manage USB device usage is alarming. Organizations should not only implement strict data security policies, but they also must reinforce that their employees use encrypted USB drives that require a unique PIN.”
