Exposing the Company Networks (A survey!)

New research reveals that more workers than ever are plugging portable devices into company networks – potentially exposing employers to viruses and the threat of data theft.

The DeviceWall Security Attitudes Survey 2006 from Centennial Software has revealed that 70 per cent of workers now plug a USB drive, MP3 player, PDA or other portable device into a computer connected to the company network on a daily basis, and 88 per cent plug in a portable device at least weekly.

The most common device to be connected to the network was the USB drive – used by 38 per cent of respondents. Also popular were PDAs (21 per cent), digital cameras (15 per cent), mobile phones (14 per cent) and MP3 players (7 per cent).

The survey results go on to reveal that despite this, employers, although aware of the problem, are still failing to act to combat it with any controls over portable devices. 40 per cent of respondents thought their company had no measures in place to manage the threat of corporate devices, and of those companies that did have a policy, almost half had implemented either a company-wide ban or were leaving it to the managers’ discretion.

“USB drives are now available with 64 GB of memory – more than your average laptop holds – which could be used by a disgruntled employee to download an entire customer database or over two million Word documents,” said Andy Burton, CEO at Centennial. “As flexible working becomes more widespread, so will these devices – as they can play an essential part in effective business – so it’s vital that companies address this now using effective, technical enforcement, rather than simply relying on a managers’ discretion.”

“Despite the ongoing popularity of portable devices such as USB drives and PDAs, an outright ban is neither effective or productive – organisations must strike the right balance between good working practice and company security.” added Burton. “At the same time, it’s important to remember that it’s not the devices themselves, it’s the data on them which needs protection. That’s why we advocate the use of a technology that supports the implementation of a workable policy that reflects the needs of individual employees, while protecting the company as a whole.”