When Data Goes Missing Will You Even Know?

Lam1969 writes "Jack Gold says IT shops may have a huge problem on their hands, and probably don't know even know about it. The problem is USB flash drives, which he predicts will probably reach 10 GB in capacity in three years, and the lack of policies to guide use of them by employees. From the article: 'With more and more employees using flash drives, smart phones with Secure Digital memory cards, portable hard drives, etc., the likelihood of companies actually knowing about all instances of data loss is declining rapidly. And as a result, the possibility of companies breaking laws, whether for data-loss disclosure or regulatory compliance, is growing dramatically.' Gold predicts 'at least one publicized major case of unencrypted data loss from a portable device' in the next year, which will result in many companies banning these kinds of devices."

We already hear about it

[TheAxeMaster]

The company that I work for recently had a laptop stolen. It had personnel information for a large large number of employees (greater than ten thousand) and may or may not have been properly protected. I think that qualifies as pretty serious data loss, and it didn't need a flash drive to happen.

Will it be more prevalent? Maybe. But it already happens. Now, the question is, is there a program that can encrypt/decrypt an entire (relatively) small drive with some sort of key system or something? I think that will be the most logical step to protect small drives like these.

Uh, you can turn off USB drive access in Windows..

[EvilMagnus]

It's been present ever since Windows 2000 - if a company is worried about data loss via USB drives and the like, it's possible to disable access to USB drives using regular Windows security templates.

What the article probably meant to say is that sloppy security practices, combined with increasing personal storage, increases the risk of unknown data loss.

You can lock down a Windows box just fine against casual and accidental leaks if you know what you're doing, and you have a corporate policy to enforce. You can even prevent deliberate attempts at data theft, if you really want to be a hardass.

Re:data has walked out the door before.

[xiphoris]

"It is highly likely that within the next year, we will see at least one publicized major case of unencrypted data loss from a portable device. Afterward, a lot of companies will ban such devices"

No need for "afterward". Most companies that are extremely interested in protecting data (such as a large .com in Seattle for which I have worked) have banned such devices for years. No media may be used to transport company data except that which is explicitly allowed. In addition, no computer wireless devices of any sort (keyboard, mouse) may be used on company machines for security reasons. I'm sure that there are a lot of other similar rules, too, and all for good reason.

It doesn't take a smart company to figure out that you don't want Billing.mdb on a floppy. USB is really no different. :)