The very things that make portable storage devices convenient for storing and transporting data also make them a greater risk for loss or theft. USB thumb drives hold gigabytes of information, yet fit in your pocket. You can easily have one fall out of your pocket in a taxi or on a train, and you are unlikely to miss it if someone “liberates” one from your possession.
Security vendor Sophos recently bought a number of USB thumb drives at auction that were left behind on trains. Sophos found that two-thirds of the USB thumb drives contained malware–possibly suggesting they were intentionally “left” behind to be found and used by an unsuspecting victim. But, the 50 USB drives comprised nearly 140GB of potential lost data.
None of the USB keys was encrypted, and none of the USB keys contained any encrypted data. None. Sophos found all kinds of interesting data on the USB keys, including lists of tax deductions, minutes of an activists’ meeting, school and University assignments, autoCAD drawings of work projects, photo albums of family and friends, a CV and job application, and software and web source code.
Don’t let that be your data. Make sure you have policies and security controls in place to control what data is allowed to be stored and transported on portable storage media, and make sure your data is encrypted so it is protected even if that media is lost or stolen.