When Data Goes Missing Will You Even Know?
Lam1969 writes "Jack Gold says IT shops may have a huge problem on their hands, and probably don't even know about it. The problem is USB flash drives, which he predicts will probably reach 10 GB in capacity in three years, and the lack of policies to guide use of them by employees. From the article: 'With more and more employees using flash drives, smart phones with Secure Digital memory cards, portable hard drives, etc., the likelihood of companies actually knowing about all instances of data loss is declining rapidly. And as a result, the possibility of companies breaking laws, whether for data-loss disclosure or regulatory compliance, is growing dramatically.' Gold predicts 'at least one publicized major case of unencrypted data loss from a portable device' in the next year, which will result in many companies banning these kinds of devices."
The company that I work for recently had a laptop stolen. It had personnel information for a large number of employees (greater than ten thousand) and may or may not have been properly protected. I think that qualifies as pretty serious data loss, and it didn't need a flash drive to happen.
Will it be more prevalent? Maybe. But it already happens. Now, the question is, is there a program that can encrypt/decrypt an entire (relatively) small drive with some sort of key system or something? I think that will be the most logical step to protect small drives like these.
It's been present ever since Windows 2000 - if a company is worried about data loss via USB drives and the like, it's possible to disable access to USB drives using regular Windows security templates.
What the article probably meant to say is that sloppy security practices, combined with increasing personal storage, increase the risk of unknown data loss.
You can lock down a Windows box just fine against casual and accidental leaks if you know what you're doing, and you have a corporate policy to enforce. You can even prevent deliberate attempts at data theft, if you really want to be a hardass.
-EvilMagnus
"It is highly likely that within the next year, we will see at least one publicized major case of unencrypted data loss from a portable device. Afterward, a lot of companies will ban such devices"
No need for "afterward". Most companies that are extremely interested in protecting data (such as a large .com in Seattle for which I have worked) have banned such devices for years. No media may be used to transport company data except that which is explicitly allowed. In addition, no computer wireless devices of any sort (keyboard, mouse) may be used on company machines for security reasons. I'm sure that there are a lot of other similar rules, too, and all for good reason.
:)
It doesn't take a smart company to figure out that you don't want Billing.mdb on a floppy. USB is really no different.
I remember a similar article here discussing the usage of portable gadgets at the workplace, like iPods, camera cell phones, etc., and many stated that their workplace does not allow such gadgets in "certain" areas, and they had to actually check them out before entering the premises.
From reading the comments, it's obvious that most of the posters haven't RTFAed. But what's new - this is Slashdot after all...
So to clue you all in:
The article is not about people stealing sensitive data from their workplace using their USB drives. The article is about people losing data, because they've lost the USB drive they had it stored on.
Duct tape is like the Force. It has a light side, a dark side, and it holds the universe together.
For the first problem (data loss due to lost or corrupted disks), which seems to occupy the majority of the article, the solution is easy. Back up your data from your portable storage as soon as you can easily access the mainframe. How long does a differential/incremental backup take? 10 seconds? 2 minutes? A piece of data existing in the portable disk, the mainframe, and the backup tapes is much harder to lose.
For the second problem (data theft due to lost disks), encryption works well. To discourage data theft due to lost disks, simple, easy-to-use on-the-fly encryption on the portable storage device can help tremendously. The solution has to be simple because if it is a few mouse clicks too many, employees will try to circumvent the hassle.
rm -rf /lib/modules/2.6.n/kernel/drivers/usb/storage should do it.
Oh, right. Windows.