USB Drives and data loss - Attention IT Security
Everyone knows USB drives are a huge chance for losing data. I found a way to make that worse.
I bought a USB drive for my wife to use on her personal laptop. We all carry at least one of these. Her drive stopped be recognized, let alone work on the system.
Since it had only been used 3 times, i wanted the manufacturer to replace it under warranty. They offered to exchange it only if i send it back with drive intact. I was shocked that they required me to send it back. They had a fax number that if i was with the government and can send letterhead of such an organization asking to not send the drive, and they will exempt it.
So a new drive cost $60-$150 depending on size. Having personal, let alone any corporate data on the drive and it falls into the wrong hands, which if it is being sent in a box that says what company makes the drive or is addressed to the company, it would be easy for someone to take a look inside to take what data is on it. The other option involves possibly loosing personal data like ssn or bank info or pdf tax info backups etc.
If you have recently implemented a DLP or CCS product, and are starting to find places where people may have violated the policy of copying from Citrix session or copied data to USB or emailing to/from a personal account, they could have this data on a personal computer or drive already and it is impossible to scan that. To protect yourself, send out a notice to all employees that if a personal USB drive fails, it is better to destroy it and buy a new one, then mail the old one, just in case there is confidential data on it.