Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog

USB Drives and data loss - Attention IT Security

Created: 17 Sep 2009 • 2 comments
neil_rogers's picture
+1 1 Vote
Login to vote

Everyone knows USB drives are a huge chance for losing data.  I found a way to make that worse.
I bought a USB drive for my wife to use on her personal laptop.  We all carry at least one of these.  Her drive stopped be recognized, let alone work on the system. 

Since it had only been used 3 times, i wanted the manufacturer to replace it under warranty.  They offered to exchange it only if i send it back with drive intact.  I was shocked that they required me to send it back.  They had a fax number that if i was with the government and can send letterhead of such an organization asking to not send the drive, and they will exempt it.

So a new drive cost $60-$150 depending on size.  Having personal, let alone any corporate data on the drive and it falls into the wrong hands, which if it is being sent in a box that says what company makes the drive or is addressed to the company, it would be easy for someone to take a look inside to take what data is on it.  The other option involves possibly loosing personal data like ssn or bank info or pdf tax info backups etc. 

If you have recently implemented a DLP or CCS product, and are starting to find places where people may have violated the policy of copying from Citrix session or copied data to USB or emailing to/from a personal account, they could have this data on a personal computer or drive already and it is impossible to scan that.  To protect yourself, send out a notice to all employees that if a personal USB drive fails, it is better to destroy it and buy a new one, then mail the old one, just in case there is confidential data on it.


Comments 2 CommentsJump to latest comment

Nitin Lal's picture

 You can encrypt the file to avoid this kind of situation. In case if the USB drive stop to be recognize then at least your data is encrypted and it can only be accessible by using the decryption password. 

Nitin L

Login to vote
sbertram's picture

Good point Neil if there is data on that you do not want in the wrong hands best to destroy the drive.  Also maybe buy from another company with a differenrt return policy.

Login to vote