One of the banes of the IT manager’s existence is data security, particularly customer data. Being connected to the rest of the world, allowing customers in and employees out while keeping the data safe from prying eyes, is a high-wire act performed daily by IT shops around the world. The problem is that most of them are working without a net, thanks to one of our favorite gadgets, the thumb drive.
I love thumb drives. I have the Swiss Army knife with a built-in USB drive on my keychain. Anywhere I drive I have my thumb drive with me, and as an American that means everywhere. I drive everywhere. I even drive to go walking.
The problem with thumb drives is that everyone likes them and they are actually completely user-friendly. The most inept user can stick one in a computer, copy their email or customer files to it, then carry it with them to a bar, the gym, their kid’s ball game, or a crowded train filled with pickpockets. Let’s face it: the data in most offices is only as secure as their most inept employee.
So what’s the answer? Obviously the simplest answer is to shut down all USB ports on all computers, which actually isn’t all that simple. Since most offices are on domains, I thought GPOs were the best way to block ports, but GPOs are extremely complicated. I spent several hours one day trying to figure out the right combination, and the only thing I accomplished was losing access to my own optical drive. GPOs aren’t my specialty, but I haven’t spoken to anyone who managed to figure it out. I read about a company in the UK that got so fed up they blocked all the USB ports by filling them in with clear caulk. That seems a bit drastic, but I kind of get it.
There are better methods, most of which involve encryption. Encryption can also be pretty complicated, but most IT pros have little problem applying it. The problem is that these methods generate a lot more requests for user assistance. An increase in calls is a pain, but when the request is “I need help decrypting this file so I can copy it to my thumb drive” you can just say no and mentally add that user to your list of problem children.
My personal opinion is that the best solution to the thumb drive battle is twofold. 1. Start by having a good relationship with users. In an “Us versus Them” culture you will always be outnumbered and outflanked. 2. Have strict security policies in place, with easy-to-understand explanations of why data security is important for everyone. If you don’t have a good security policy, you can start with the IT Security Manual Template. It’s a pretty good toolkit for setting up and following strong everyday practices. Or you could go to the hardware store and buy a caulk gun.