A survey of over 500 United Kingdom-based business has indicated that unencrypted USB devices are still being used by businesses despite the fact that unsecured data could lead to massive general Data Protection penalties.
The survey was carried by security company ESET and Kingston Technology, a world leader in technology products, and showed that 55% of business don’t encrypt their removable devices, leaving them vulnerable to data breaches and the financial penalties that go with them. These penalties, at the upper end of the scale, can be as high as €20m of 4% of annual global revenue for the previous year – whichever figure is higher.
Jake Moore, cyber security specialist at ESE said: “With GDPR one-year milestone just a month away, it is interesting to see what businesses are doing differently to protect themselves from cyber security issues and fines. The survey reveals that companies are still not adequately protected from data leaks as this level of unencrypted devices means anyone can access personal data without security clearances. This poses significant security concerns for firms that do not have the processes in place to ensure their data is safe. One of the ways to do this is through the use of encryption. However, the survey reveals that password protection is still widely used amongst businesses even though it lacks in sophistication.”
The research also showed that companies are still not adequately protected from data leaks as this level of unencrypted devices means anyone can access personal data without security clearances. Additionally, it was shown that 62% of executives admit to seeing USB devices in unsecured places such as desks, drawers and exposed office spaces, where an employee or visitor could access without permission.
According to Robert Allen, European Director of Marketing & Technical Services at Kingston Technology, losing an unencrypted USB stick can have sever consequences. He said: “Using encrypted USBs will protect your sensitive data outside of the network firewall. Encryption promotes and maintains a productive and efficient mobile workforce while complying with GDPR and other data privacy regulations. At the same time, it protects the business network from being infected or hacked by cyber criminals that implant malware to infiltrate personal data. Can corporations really afford to take the risk?”