Content

USB devices threaten UK business

UK businesses are victims of high levels of data theft from employees using personal storage devices, a report revealed today.

The report, released by Prefix IT, showed that organisations are susceptible to information theft obtained through the USB ports of company computers and laptops.

Employees are using personal storage devices such as MP3 players, digital cameras and USB flash drives to steal company data including customer databases, confidential documents, business contacts and sales leads.

The report highlights the widespread ownership - 78 per cent of the workforce - of such devices capable of downloading and storing data.

Graeme Pitts-Drake, managing director of Prefix IT, believes this has made it increasingly easy for workers to take confidential data.

"It's become invisible now. Workers appear to be downloading music and employers take no notice, when in fact they are stealing large amounts of company property", he said.

He believes all organisations, whether commercial, public service or charitable, are vulnerable to such crimes, with SMEs shown to be at most risk.

"This is a huge problem. Every company in the UK has records that can be stolen. The potential to lose data is phenomenal and all organisations are affected", he said.

The research also revealed the attitude of employees towards office data. Over a third of male employees believe it's acceptable to take database information and sales leads, and just under half of younger workers, aged 16-24, don't view it as ‘stealing' despite the severe penalties imposed if caught.

Moreover, the report found that 30 per cent of workers believe company information is rightfully theirs to take and graduate trainees are the most likely to commit data theft, with 73 per cent admitting taking information and 55 per cent seeing no moral dilemma involved.

"I was shocked by the attitude of the workers surveyed towards data theft. Clearly, many employees don't see this as stealing and don't apply any ‘moral brakes' to such activities. Naïve employers who continue to trust their staff blindly, without relying on robust security measures are asking for trouble", Pitts-Drake said.

He called for UK businesses to take action against the thieves by adopting better data security policy and "educating workers through this policy". Furthermore he urged companies to invest in inexpensive technology, stored centrally on a server, to prevent further crimes.

"Companies have a responsibility to maintain confidentiality of employee data. In an age where identity theft is the fastest growing crime, the results of this report have particular resonance", he said.

The behaviour and attitudes of over 1000 workers were examined in the report completed this month.


Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.