Personal devices at work: Look out for these security concerns
April 3, 2008 by Sam NarisiPosted in: In this week's e-newsletter, Latest News & Views, Security and law
A lot of employees would like to connect personal devices like iPods and smartphones to their work computers, either for productivity or entertainment’s sake. But that can open the door to information security issues that IT and HR need to be aware of.
Those USB storage devices are the latest method for stealing company data. It can either be intentional (a sneaky employee downloads corporate documents to take home for some illegal purpose) or accidental, such as when a virus on the device copies the info so that it can be sent to hackers once the device is plugged into an unsecured computer, like the employee’s home PC.
Other problems arise when employees, for legitimate reasons, load data onto personal storage devices that are later lost or stolen.
So what are your options? First, you can ban employees from connecting unauthorized devices to their computers. If they need those things to work, you can standardize on a few models so you know they’re secure.
Or you can ask that employees report any devices they plan on bringing to work so IT can regularly scan them and the employees’ computer for viruses and other suspicious activity. Also, make sure IT and HR has set up a policy regarding what kinds of data are allowed to be transfered to external devices.
July 16th, 2008 at 1:02 pm
Add a GPO setting to block removable storage. This turns off all usb ports. Create a form for those that need it and have them supply a legitimate business case on why they need to have access to it. The form is signed by their supervisor and sent to the Information Security Officer. He/she evaluates the business case and sends the approval to the IS department or the denial to the supervisor.
You then build another OU to allow removable storage and put those that were approved in this one.
My dept does not have the time to scan personal storage devices. Why would a corporation permit personal devices to be connected to company PC anyway? That is just asking for more service calls.