Security Awareness Training to Stem Data Loss from USB Drives

USB drives are a great example of a business-enabling technology that carries an obvious security risk.
Some USB drives allow you to store up to 64 GB of data, on something that easily fits into your pocket. You can pretty much swipe an entire company’s database. Whether someone is using that for nefarious purposes, or just taking the information home (until they realize with a sinking feeling that the stick is missing from their pocket), the end result is a data loss disaster waiting to happen.
Making matters worse, most companies would have no way of knowing if a USB downloaded files. From BusinessWorld:
“From the 2008 results of the Global State of Information Security Survey by CIO Magazine, CSO Magazine and PricewaterhouseCoopers, only 36% of companies surveyed have an accurate inventory of their personal or sensitive data.”
As the article mentions, it is technically possible to install “software on your network to specify what types of files cannot be copied to a USB drive via file name extension, keyword content, or both. The USB device control software can thus send an alert to the employee’s boss or the security officer, notifying them of such an attempt.”
That’s one way to go.
A more holistic solution you could use to supplement your organization’s security is to just educate your workforce. Do a “lunch-and-learn” meeting where you do behavior training around secure usage of USB drives and other possible avenues for data loss (eg. email, printing).
Security Awareness Training can give employees the tools to improve the company’s security posture immediately. It’s important to consult with experts before conducting this kind of training (and you may want these experts to conduct more formal security awareness sessions) to make sure people are getting the right kind of information. If in doubt about how to get started, call the professionals.