Storage wrinkle: 4,500 flash drives left at the cleaners
- — 22 January, 2010 08:39
Lost a thumb drive with important data on it? Check with your dry cleaner. A survey by a U.K.-based company shows that in the last year, 4,500 USB flash drives were forgotten in pockets of clothes left at the dry cleaners, and thousands more handheld devices were left in the backseats of taxis.
While that number may appear high, the survey of 100 dry cleaners by data security company Credant Technologies of London this month revealed that the number of flash sticks left at the cleaners since last April actually declined by half.
It "is likely to be a change in users' habits as opposed to a significant breakthrough in people's vigilance," Credant said in a press release this week.
According to Credant, another survey of London and New York City taxi companies last year revealed that more than 12,500 handheld devices, such as laptops, iPods and memory sticks, are forgotten in taxis every six months.
Sean Glynn, chief marketing officer at Credant , said his company urges users to take more care not to download unprotected corporate data and other sensitive information that if lost "could lead to a security breach, especially now that there are harsh fines afoot."
"This could now cost a company up to [$US811,000] with new powers given to [the UK's] Information Commissioner's office to fine companies who have not sufficiently protected customers details under the Data Protection Act," Glynn stated.
A December survey of 636 IT security and IT support practitioners by the research group the Ponemon Institute in Traverse City, Mich., found that 83 per cent believed at least one data breach had occurred in the past two years in their organization. Nineteen percent indicated the breach happened when a drive was in the possession of a third-party data recovery service provider. And 43 per cent of those respondents who say the breach occurred while at the vendor say it was due to a lack of data security protocols.
A 2007 survey by Ponemon of 893 individuals who work in corporate IT showed that USB memory sticks are often used to copy confidential or sensitive business information and transfer the data to another computer that is not part of the company's network or enterprise system. The survey showed 51 per cent of respondents said they use USB sticks to store sensitive data, 57 per cent believe others within their organization routinely do it and 87 per cent said their company has policies against it.
Robert Siciliano, a personal security expert and CEO of IDTheftSecurity.com , recently wrote in his blog that millions of electronic devices are lost in cabs and hotels or are stolen, and millions more end up for sale on eBay, are recycled or are tossed in the trash. "Many of these phones still have enough data on them to commit identity theft or, in the wrong hands, make your life miserable."
"What if someone got the names, addresses and e-mails for everyone in your life?" Siciliano said in an e-mail response to Computerworld . "Not good."
Siciliano said a study conducted in December by managed services provider Regenersis , a U.K.-based recycler, tested a sampling of 2,000 cell phones. Ninety-nine percent of those cell phones had personal identifying information, such as banking and credit card data, personal e-mails, contacts, text messages, pictures, music, videos, calendar entries, notes, mailing lists, to-do lists, automatic log-ins for Twitter, LinkedIn and Facebook, he said.
According to Siciliano, studies also show consumers replace cell phones every 18 months on average.
"Over the past four to five years Blackberries, iPhones and countless other smartphone/PDAs have flooded the market," he said. "All of these devices technologies are upgraded within 6 months and the user wants the latest and greatest."
Siciliano suggested that to protect their data, consumers should:
- Use encrypted USB drives.
- Don't store data that will be considered a "data breach" if lost, stolen, sold or recycled.
- Have strong password protection on phones. Lock it up.
- Remove your SIM card upon selling.
- Reformat the phones operating system multiple times. This generally wipes off the data, but there are programs that do it more thoroughly. There is no universal way to reformat. It is different with every phone/manufacturer/operating system.
Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld . Follow Lucas on Twitter at @lucasmearian or send e-mail to firstname.lastname@example.org.