USB sticks – or, in friendlier jargon, memory sticks – are taking over from the floppy disc and are the latest must-have accessory for computer users.

For employees on the move, USB sticks are handy and easy to carry. But that also makes them easy to steal or lose.

The memory stick is undoubtedly a great step forward but lose it and the consequences could be serious.

Magnus Ahlberg, managing director of Pointsec Mobile Technologies, said: ‘The advantages of using a small memory stick, compact flash (CF) card or digital camera memory card are enticing.

‘Gone are the days when you had to lug your laptop around with you on every long journey or on spells away from the office.

‘Just attach a USB stick to your key ring and you can carry all the documents you could ever need without that heavy, cumbersome laptop forever being in your shadow.’

A whole range of information is stored on a memory stick, ranging from extensive databases to reams of documents, and as they are so portable – most measuring only a few centimetres long – they could easily end up in the wrong hands.

For less than £200, memory sticks with four gigabytes-worth of storage can be readily purchased. If a careless employee managed to lose the device, the entire contents of an office PC could be given away.

Ahlberg said: ‘The harm to your business posed by information loss is not simply financial or operational.

‘There are also the legal liabilities of information carried away on removable media. If a disgruntled employee decides to leak out information on your customers, you could find you are in for a very big libel suit as well as significant damage to your company’s reputation.

‘You could also find the entire contents of your bank account emptied or even have your identity stolen. These scenarios are very real and have the potential to be incredibly damaging.’

The security threat of issuing drivers with memory sticks needs to be addressed by fleet or IT managers, according to Ahlberg, who has produced a series of criteria to improve security across the office.

Five-point plan for using USB sticks without putting your firm at risk

  • EDUCATION – Inform your employees about security and its implications. Explain why certain controls have to be put in place. Don’t just impose those controls or users will ignore them.

  • SECURITY – Removable media devices are not toys. Decide how you as a company want to manage them. It would be naive to think you could simply ban all removable media.
    However, you should introduce removable media into your security policy and make sure that everyone on your staff reads and signs the policy. Also, explain to your staff what actions will be taken if the policy is ignored.

  • ENCRYPTION – Consider employing a mobile data protection product. Mandatory media encryption solutions are available that can be centrally controlled by the IT department. The best products are fast and transparent to the user, so as to not interfere with their real-time work. Such protection automatically encrypts all information loaded onto a USB token or other removable media. Access is granted only to the user who holds the password.

  • CONTROL – Implement device and executable control solutions that enable you to control exactly what devices can be connected to a system and what executable files can and cannot be run.

  • AUDIT AND MEASURE – Ensure that you carry out regular audits to find out who is using removable media.
    (Source: Pointsec Mobile Technologies)