News Archive

Unsecured USBs

by msecadm4921

Preventing data leakage is of interest to many. Just ask: the IT guys who didn’t spot the Terabyte of data containing MPs’ expenses as it was downloaded to an external device (then sold to the Daily Telegraph). Yet in spite of the rising call for data security and digital accountability, some companies do nothing to prevent confidential data leaving on USB sticks, it is claimed.

With the MAS v7 product, it is claimed, organisations can ensure only authorised employees use official USB memory sticks, which can be encrypted with biometric fingerprint-scanning authentication to ensure that the data on the USB stick cannot be accessed by anyone except its authorised user (a useful feature in the event that the USB stick gets lost).

Each memory stick is audited so that leaks and losses can be traced back to the original culprit. Certain users can be restricted so that no USB devices will work for them, and certain users can be authorized to use any USB storage device on any computer. The software can be used to block all USB storage devices, such as cameras, flash drives, mobile phones and iPods.

It’s described as an employee monitoring tool puts organisations in control of the who, when, what and where of data transference to memory sticks.

3ami has unveiled Monitoring & Audit System (MAS) v7, which enables businesses to monitor and audit employee usage of USB devices on company computers. Like previous versions of MAS, MAS v7 also captures and securely stores a record of all user activity on every application, including email, word processing, spreadsheet applications, instant messaging and online. The monitoring capability of MAS has been extended in version seven to prevent employees from downloading confidential company files onto personal USB sticks and removing them from the premises without permission.

With MAS v7, organisations can ensure only authorised employees use official USB memory sticks, which can be encrypted with biometric fingerprint-scanning authentication to ensure that the data on the USB stick cannot be accessed by anyone except its authorised user (a useful feature in the event that the USB stick gets lost). Each memory stick is audited so that leaks and losses can be traced back to the original culprit. Certain users can be restricted so that no USB devices will work for them, and certain users can be authorized to use any USB storage device on any computer. The software can be used to block all USB storage devices, such as cameras, flash drives, mobile phones and iPods.

MAS strives to help employers hold themselves and others accountable for irresponsible, dangerous and illegal computer activity in the workplace. MAS enables employers to prevent breaches of confidentiality and to hold both mobile and home business users accountable for their actions within the office’s computer network, hence freeing businesses to create safe and secure digital workplaces.

"In the event of wrong-doing, it is essential to know, with certainty, which employee did the wrong-doing," said Tim Ellsmore, managing director of 3ami. "If you don’t monitor your network, you are saying that you do not take responsibility and accountability seriously. If something goes wrong, you have no one to blame but yourself."

In other words –

Without monitoring it is impossible for companies to hold individuals accountable for their actions on company computers. When secrets are leaked, the companies who do not monitor are left pointing fingers and looking for someone to blame.

For example: "James," an employee at a major UK department store, was fired last month for charging his iPod at work. (James is a pseudonym; the employee is appealing his termination and has asked to remain anonymous). When James’ superiors saw James charging his iPod, they accused him of "slurping," or using an iPod to download tens of thousands of company files per hour. James’s employers had no physical evidence of wrongdoing (the store does not use MAS v7), so they framed their argument on grounds of mistrust. In the end, James was fired not because of misconduct, but because his company lacked the ability to prove, with certainty, whether he was innocent.

In certain cases, such as the above, it can actually be ethically questionable for a company not to monitor its computers. However, as an increasing amount of information moves to computers, and as mobile devices such as iPods and smart phones become ubiquitous, it is imperative that organisations safeguard their networks from reckless, irresponsible and damaging activity. It is equally imperative to account for such activity, if it does take place. For more information visit:

Related News

  • News Archive

    Debt Chase Day

    by msecadm4921

    A half-day course for investigators on tracing the elusive debtor is offered by investigator and trainer Peter Heims It’s running on Saturday,…

  • News Archive

    Haulage Seminar

    by msecadm4921

    Despite repeated advice and increased prevention measures, security is an escalating problem for road hauliers and now accounts for annual losses of…

  • News Archive

    IP Integration

    by msecadm4921

    Brickcom Corporation announce the integration of a range of their IP camera series with Milestone XProtect IP video management software. Customers will…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing