Sir – following the explosion in low cost, portable storage devices – from the memory stick to the iPod (‘Open to personal download abuse’, Secure IT, SMT, January 2006, pp49-50) – companies must wake up to the fact that there’s a great deal to be done when it comes to increasing security measures and preventing the theft of data from within an organisation.

The new generation of mobile storage devices has transformed the ease with which sensitive information might be stolen. These devices are small, simple to use and easy to conceal. They can remove vital business and customer information in a way that is completely untraced and untraceable.

Organisations need to implement technologies that can enforce control. Actions that might be taken include imposing copy limits on each device, scheduling access and taking audit copies every time a mobile device is used.

Combining the audit trail with the copy of what has been taken also provides security managers with more than enough proof to demonstrate to auditors or regulators that effective mechanisms exist for the support of necessary compliance requirements.

Ian McGurk, Head of Security Consulting, Plan-Net Services

Source

SMT