Not enough encrypted drives despite numerous data breaches USB sticks remain a big security weakness for many UK organisations with many employees using drives for data transport without permission and not bothering to report their loss, a Ponemon Institute study has found.The study polled 451 IT staff in the UK from a global total of 2,942 on behalf of Kingston Technology, finding that 73 percent had experienced staff use of USB drives without authorisation, with 72 percent mentioning loss without notification in the last two years.Only half of UK organisations employed some form of security policy or technology to these devices, and awareness of the risk posed by them was to be low in Britain compared to security-aware countries such as Germany.Organisations were reluctant to enforce the use of secure drives, with 55 percent of workers using generic drives bought by themselves or picked up at conferences or trade shows. “If you lose a laptop you can’t do your work; if you lose a USB stick nobody will ever know about it,” said Larry Ponemon of the Ponemon Institute. “To many people a USB stick is just a ubiquitous device.”In the last three years, cases publicised by Britain’s Information Commissioner’s Office (ICO) show that lost USB drives – very few of which ever employ encryption despite containing sensitive data – have become a major bane of the public sector. Despite only scratching the surface of the problem, according to Ponemon, public ‘naming and shaming’ has been a major spur to change.“Notification has been shown to be very effective in achieving a higher level of compliance,” said Ponemon. “When it is made a reputation issue, organisations tend to pay attention to it.”Data isn’t the only risk, with only 29 percent of those asked saying that their companies had systems in place to detect the malware that might creep into organisations via USB sticks.Kingston recommends that organisations provide all employees handling sensitive data with encrypted drives, create policies for acceptable use, and employ asset tracking and recovery to manage their deployment.An infographic summarising the UK findings can be found here. Related content news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Android Security Mobile Security news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management news Cybersecurity experts raise concerns over EU Cyber Resilience Act’s vulnerability disclosure requirements Open letter claims current provisions will create new threats that undermine the security of digital products and individuals. By Michael Hill Oct 03, 2023 4 mins Regulation Compliance Vulnerabilities opinion Cybersecurity professional job-satisfaction realities for National Cybersecurity Awareness Month Half of all cybersecurity pros are considering a job change, and 30% might leave the profession entirely. CISOs and other C-level execs should reflect on this for National Cybersecurity Awareness Month. By Jon Oltsik Oct 03, 2023 4 mins CSO and CISO Careers Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe