Technology is supposed to be making our lives easier. Sometimes it even succeeds at that. The more we use technology, though, the more we are opening ourselves up to security threats. Often, those threats aren´t even obvious, so we don´t do anything about them. This is particularly relevant as we embrace a wide variety of portable devices to make us more productive.
This was put into the forefront of my mind today as I came across a survey by a company called Centennial Software. You need to pay special attention to this if you have employees, or if you manage people. As part of their DeviceWall Security Attitudes Survey 2006, they found that 70 percent of workers plug a USB device into their work computer, and therefore the company network, every day. Those devices include MP3 players such as iPods, PDAs and smartphones, flash-based USB drives and the like. 88 percent of employees plug such a device into the company network at least once a week.
Here´s the problem. Those devices make people either directly more productive, or happier, which in turn makes them more productive. On the other hand, when people are plugging in devices that you have no control of into your corporate network you are exposing that network to the threat of viruses and other nasty problems. The problems that that could create could far outweigh the benefits to productivity of the devices.
There´s a potentially bigger problem, too. The survey found that the most common device that people attached to the network was a USB drive. USB drives now come in storage capacities bigger than you see in many laptops, and the cost of the drives is falling almost every day. That means that a disgruntled employee could very easily load the contents of their hard drive or data from the network onto their drive and you would never know. Or, that same employee could load a virus or other malware without a problem.
Here´s the worst part. Of the people surveyed, 40 percent said that their company had no policy regarding the use of the devices on their networks. Of those companies that did have policies in place, fully half of them didn´t enforce the policies.
Does this mean that you need to ban the use of USB devices by all of your employees on your network? Of course not. It just means that you need to understand the risks that you are exposing yourself to and take steps to minimize them. That means creating a policy for their use, and educating everyone about the problem. That way productivity devices can actually help make us productive.