Despite this, only 34 percent enforce encryption on all removable devices allowed on their networks (25 percent in the U.S. and 51 percent in Canada).
Other key findings from the survey include:
- 91 percent of companies allow removable storage devices on their corporate networks, including USB flash drives, smartphones (e.g., iPhones and Android devices), tablets (e.g., iPads and Android tablets) and optical media.
- While 81 percent of businesses have a policy regarding encryption of corporate data on employees’ own removable storage devices, nearly two-thirds of businesses report not enforcing encryption on those devices. Twelve percent leave it to the user to enforce encryption.
- 20 percent of businesses report not having a defined action plan to deal with a data breach, nor do they have intentions to draft one.
“While most of the world’s enterprises are focused on protecting their networks from external threats from malware and hackers, the bigger risk for a data breach appears to be inside the organization. Workers are moving mass volumes of data on unsecured devices, often their own iPhones and flash drives, out of the network every day, and this makes businesses vulnerable to loss or theft of corporate or customer data,” said Lawrence Reusing, general manager, Mobile Security for Imation. “As the research illuminates, most organizations do not have a handle on the devices and data that can walk out their door every day.”
Imation offers the following best practices to protect your organization from data loss or theft:
1. Establish systems, policies and standards for new devices you bring into the workplace:
- All removable media and mobile devices should be encrypted.
- Implement centralized management of removable storage devices, including “remote kill” – disabling the device when it is connected to the internet – when possible.
- Implement audit and compliance controls so you know what is on those devices.