In an effort to prevent data theft, several Canadian firms have banned employees from taking mp3 players and flash drives to work.
In a countrywide survey of 259 companies conducted by Ipsos-Reid Corp., as many as 30 per cent of the respondents said they have prohibited staff from bringing mp3 players such as Apple Computer Inc.’s iPod to work.
The study was commissioned by Sun Microsystems Canada Inc. in Markham, Ont. The company said some of its clients had concerns about how the proliferation of mobile devices that can easily download data would affect corporate security.
“Banning such devices is an expected first reaction,” said Andy Canham, president of Sun Canada. But he added that an outright ban may not be the answer because eventually other devices would be developed to replace the forbidden gadgets.
Instead, he said, companies need to set up security policies that protect sensitive information, while promoting the effective use of mobile technology.
The Ipsos-Reid survey also suggests that many businesses do not have effective policies in place to prevent the misuse of mobile devices – or if such policies do exist, they are not being properly implemented.
Only 32 per cent of the respondents believe their companies are effectively ensuring that mobile devices are not being misused, according to Paul Orovan, research manager at Ipsos-Reid. And while Canadian firms are increasingly adopting such devices, the survey also indicated that only a few are aware of the security risks they pose.
Nine out of 10 businesses (91 per cent) provide company cell phones to some employees, and almost as many provide laptops to employees to access corporate networks from external locations.
Seventeen per cent of survey respondents admitted they have a very poor understanding of the risks associated with remote or wireless access; and approximately 13 per cent – or one in ten – believe they are doing a poor job of mitigating risks.
Another 11 per cent are not applying proper procedures to successfully deal with security breaches.
Forty-two per cent of the executives believe theft of customer information is the worst repercussion of a security breach.
Currently, 22 per cent of the Canadian workforce has remote access to the corporate intranet, but this figure is expected to rise to almost 30 per cent within the next year.
Of companies that did not offer remote access, 72 per cent admitted that security concerns influenced their decision.
The survey said 49 per cent of senior leaders in mid-range and large-scale firms have policies that bar personal laptops and USB keys from the workplace. The security risks associated with USB keys and mp3 players were highlighted by Carole Longendyke, an IT forensics expert, at the World Conference on Disaster Management in Toronto.
Longendyke is partner and director of forensic services at PG Lewis and Associates LLP in Whitehouse Station, N.J., recently acquired by New York-based risk consulting firm Protiviti Inc.
She described how an employee of a New York-based firm used a USB stick to pilfer hundreds of original designs.
What alerted investigators to the culprit’s identity was a computer trail indicating that the massive data download coincided with the moment an external drive was attached to the suspect’s terminal.
“A couple of decades ago you would have had to stand by a copying machine for hours to accomplish that, now it only takes a few minutes,” Longendyke said.