One of our visitors has alerted us to a brilliant example of how the healthcare industry is failing to understand and address the risks associated with data loss on removable media devices.
The UK’s ‘Health Service Journal’ is offering all subscribers a free 1GB USB flash drive - so they can access exclusive content from the magazine. We guess no-one at the magazine heard about the recent data loss incidents in Oldham, Stockport and Manchester?
At a time when uncontrolled removable media devices (such as USB sticks and CDs) present some of the most serious dangers to patient confidentiality, the offer from the magazine seems ill-timed at best and downright irresponsible at worst.
And just in case you think it really is too silly to be true, click here.
As our visitor commented: “I the only Information Security Manager who feels he’s swimming against the tide here?”.
On the same day we reported the theft of a National Health Service (NHS) laptop resulting in the possible ID theft of 30,000 employees, one WatchYourEnd contributor found himself on an evening train home from London sat opposite what appeared to be a senior NHS manager (it said “Property of NHS” on his laptop, anyway).
Imagine our man’s surprise then, when said manager got up and left his PC unattended on the table for 10 minutes while he visited the buffet car, took a stroll, or whatever takes 10 minutes on a commuter train! Let’s just think about that again; on the same day the media critizes the organization for losing 30,000 records, a staff member leaves his computer open for anyone to steal or otherwise tamper with on a train…
Let’s just say the temptation for our man to insert a USB drive loaded with “slurpaudit.exe” into the guy’s computer was tough to resist. Maybe we would have found another 30,000 records for the NHS to worry about.
This is great! It brings to light some of the silly solutions that IT administrators have used to solve the threat of removable media devices:
From the people who brought you the Super Security Sticker™ comes the latest in endpoint security technology. USB Glue™ is the leading endpoint security adhesive on the market today. Our formula is scientifically designed to provide the ultimate blockage of USB ports on today’s computers, giving IT administrators the ultimate endpoint security solution in a tube!
Forget endpoint security for a moment, how about endpoint fire hazards. Take a look at what group in Japan “cooked up,” they modified a computer to make their own USB powered BBQ, using 30 USB ports spread out across five PCI cards.
Make sure your IT staff are fed, or you just might find one of these suckers cooking steaks in your data center.
With an increasing number of firms banning iPods and USB storage devices from office buildings, the latest craze in personal storage risks highlighting the inadequacies of half-hearted security policies.
Not content with creating USB sticks which you have to remember to put in your pocket(!), one firm has come up with a USB bracelet which can be worn round the wrist and looks suspiciously like one of those charity plastic wristbands. They’re even available in a choice of colors.
For most of us, the idea of wearing a USB storage device as a fashion item might be somewhat less-than-appealing, but as a potential vehicle for bypassing security checks, these devices raise some serious concerns.
They perfectly illustrate how trying to combat the invasion of these devices at the front door is the wrong strategy - and how it is far better to employ technology to stop the device connecting to the corporate network.
This is great!
