Sticking it to USB sticks, again

A new survey highlights a predictable problem: there could be lots of risky private information stored on USB sticks. That's about as surprising as Paris Hilton flaunting her lady garden in public.

A new survey highlights a predictable problem: there could be lots of risky private information stored on USB sticks. That's about as surprising as Paris Hilton flaunting her lady garden in public.

A survey of 1,000 firms carried out by PricewaterhouseCoopers for the UK Department for Business, Enterprise and Regulatory Reform revealed that despite all those amusing rumours of companies gumming up USB ports with glue to stop people doing anything potentially risky — like using them — 67 percent had absolutely no means to stop staff members copying confidential information onto USB sticks.

As a side note, the phrase "USB sticks" is somewhat awkward; the one stuck to my key chain doesn't look the least bit stick-like. But "USB key" isn't much better, since it's liable to cause confusion in a security context. "USB storage" isn't ideal either, since it could cover any device plugged into a USB port. Let's face it, we're screwed. Rather like Paris Hilton.

Whatever the label, the USB-attached data device has always been the poster child for why portable information is A Bad Thing. So tiny! So shiny! So irresistibly criminal! So many names! So little time! Or so the hype goes.

The reality, again rather like Paris Hilton, is both duller and more annoying. Yes, USB storage makes it possible for people to copy confidential information in volumes. But that presumes that they have access to that data in the first place. And that presumes that they are assumed to be trustworthy. If they're not trustworthy, why the hell have they got access to that data in the first place? That's a much bigger problem than the possibility they might copy details onto the stick.

In days gone by, they'd have photocopied them, or printed them out, or nicked the entire PC. Still a problem, just not one with a three-letter acronym attached.

The survey also highlights that the risks, while real, are not massive. Just 6 percent of businesses surveyed said they had suffered a confidentiality breach. I'm not saying in any way that I want to be one of the people whose information is misplaced by that 6 percent, but it does mean that 94 percent of businesses haven't had that problem. Evidently staff in most companies have better things to fill their USB sticks with, like dodgy videos of Paris Hilton doing what comes naturally.