Edward Snowden, the man who recently leaked NSA secrets to the press, allegedly used a USB thumb drive to copy secrets about the PRISM spy program from the US National Security Agency (NSA).
Thumb drives, while very convenient for many purposes, are a huge security risk. They can be easily lost, exposing your information to whomever finds it. And, they can be used to infect computers with malware.
But perhaps the biggest risk is that a trusted IT vendor or employee will download gigabytes of information, pop the thumb drive in their pocket and walk out the door with it. To protect your company there are several options:
Some companies have gone as far as using silicon caulk to fill in the USB ports on their computers. This obviously prevents the use of thumb drives, which may not be practical if you have a company that needs to download large files for PowerPoint presentations, etc.
Other companies have begun using alert systems, that alerts the IT department or both the user and the IT department when someone is trying to copy files to a thumb drive. The user is generally prompted to call IT for permission.
Most companies however are using encryption software, which allows the free use of thumb drives, but renders the information meaningless without an encryption key which must be requested from security or management.
We recommend the use of an alert system. Encryption is also a good idea, but encryption can be broken without a key by sophisticated hackers. With the alert system, there is a record of attempts to access information.