An IT Manager's Insight
Into Securing Removable Media
by Magnus Ahlberg - Managing Director of Pointsec Mobile
Technologies - Tuesday, 9 November 2004.
If you’re like me, the
advantages of using a small memory stick, Compact Flash (CF)
card, or the digital camera memory card are indeed enticing.
useful, removable media devices, due to their small size,
guises and uses, can be a serious security threat to any
organization. Here are a few hints and tips on balancing the
benefits of these devices against the risks they pose:
Step One – Security
Policy - Removable media devices are not toys. Decide
how you as a company want to manage them. It would be naïve
to think you could simply ban all removable media; however,
you should introduce removable media into your Security
Policy and make sure that everyone on your staff reads and
signs the policy. Also, explain to your staff what actions
will be taken if the policy is ignored.
Step Two –
- Inform your employees about security and its implications.
Explain why certain controls have to be put in place. Don’t
just impose those controls or users will ignore them.
Step Three –
- Consider employing a mobile data protection product.
Mandatory media encryption solutions are available that can
be centrally controlled by the IT department. The best
products are fast and transparent to the user, so as to not
interfere with their real-time work. Such protection
automatically encrypts all information loaded onto a USB
token or other removable media. Access is granted only to
the user who holds the password.
Step Four –
- Implement device and executable control solutions that
enable you to control exactly what devices can be connected
to a system and what executable files can and cannot be run.
Step Five –
Audit and Measure
- Ensure that you carry out regular audits to find out who
is using removable media.