iPods and memory sticks - your network's worst enemy?

Clamour continues for removable media crackdown...

Businesses are failing to crack down on the use of removable memory devices within their organisation despite growing concern about the damage such media can cause.

iPods, digital cameras, flash memory devices, USB memory keys and CDs are just some of the devices which flow in and out of organisations with their employees on a daily basis and yet there are very few safeguards in place checking just what data is coming and going.

Whether it's viruses or illegal content being brought into the organisation or sensitive data being taken out - the picture is one of lax security and a failure to recognise and deal with a serious threat to a businesses' very existence.

Today the MoD announced it has banned iPods from entering Ministry premises and now research from Vanson Bourne has revealed the extent of the threat and the lack of awareness which dogs UK businesses.

According to the findings, 84 per cent of companies have no policies in place to prevent employees using any removable media. It's perhaps unsurprising therefore that 83 per cent of companies have been the victim of some form of electronic crime.

The research found that 85 per cent of employees use mobile media to transport data from work to home and vice versa - though knowledge of what that data consists of is very sketchy among management.

And the threats should be obvious to all. In fact, 82 per cent of companies surveyed acknowledged that removable media does pose a threat to their networks. Perhaps the clearest threat is that posed by malicious code which could be unknowingly, or wantonly, introduced.

Andy Campbell, MD of Reflex Magetics, who commissioned the research, told silicon.com: "There is a lot of malicious code bypassing company firewalls in this way and there are other threats to the business, such as illegal software or files such as MP3s, being moved onto the company network."

Companies are increasingly being held liable for all data on their network, so just because one rogue employee brings in a device full of illegal MP3 files and downloads them onto a work PC, it could be the business that suffers costly litigation.

Similarly illegal software on the network could also prove costly.

But it's not just what's coming into the organisation which should be of concern. The greater threat may actually be posed by what is leaving the company each day in a pocket or briefcase.

Campbell said a company's entire database could easily be taken out of the building on the kind of storage devices available now and for many companies "short of giving everybody a full body search there is not a lot they can do".

However, Campbell doesn't advocate banning all such devices or blocking their use - partly because it creates an 'us and them' culture across the organisation but also because there are often very valid operational reasons for keeping USB functionality working, for example.