•    Ponemon Institute study shows alarming percentage of companies do NOT consider protection of information on a USB drive to be high priority
•    743 IT professionals and IT security practitioners polled
•    Less than a third of organisations believe they have adequate policies to prevent USB misuse
•    12,000 customer records lost on average per organisation due to missing USB drives
•    Oultines 10 key practices not implemented to prevent data loss

Sydney, Australia — August 11, 2011 — Kingston Technology, the independent world leader in memory products, today announced the results of a study conducted by the Ponemon Institute looking at USB prevalence and risk in organisations. The study found that inexpensive consumer USB Flash drives are ubiquitous in all manner of enterprise and government environments ? typically with very little oversight or controls, even in the face of frequent and high profile incidents of sensitive data loss.   

A group of 743 IT professionals and IT security practitioners from global companies based in the United States were polled, and all acknowledged the importance of USB drives from a productivity standpoint. The Ponemon Institute is an independent group that conducts studies on critical issues affecting the management and security of sensitive information about people and organisations. The study underscores the pressing need for organisations to adopt more secure USB products and policies. They cautioned, however, about the lack of organisational focus regarding security for these tools to meet appropriate data protection and business objectives.  

The report lists 10 USB security recommendations that many or most organisations do not practice:
1.    Providing employees with approved, quality USB drives for use in the workplace.
2.    Creating policies and training programs that define acceptable and unacceptable uses of USB drives.
3.    Making sure employees who have access to sensitive and confidential data only use secure USB drives.
4.    Determining USB drive reliability and integrity before purchasing by confirming compliance with leading security standards and ensuring that there is no malicious code on these tools.
5.    Deploying encryption for data stored on the USB drive.
6.    Monitoring and tracking USB drives as part of asset management procedures.
7.    Scanning devices for virus or malware infections.
8.    Using passwords or locks.
9.    Encrypting sensitive data on USB drives.
10.  Having procedures in place to recover lost USB drives.

“An unsecured USB drive can open the door for major data loss incidents,” said Larry Ponemon, Chairman and Founder of the Ponemon Institute. “Organisations watch very carefully, and put a plethora of controls around, what enters their businesses from cyberspace. This study drives home the point that they must also take a more aggressive stance on addressing the risks that exist in virtually every employee’s pocket.”

“Kingston believes a lack of oversight, education and corporate confusion are factors that lead to the overwhelming majority of data loss when it comes to USB Flash drives,” said John Terpening, Secure USB business manager, Kingston. “Organisations fear that any attempt to control a device like a USB is likely to be futile and costly, both in terms of budget and loss of productivity. However, a simple analysis of what an organisation needs and the knowledge that there is a range of easy-to-use, cost-effective, secure USB Flash drive solutions can go a long way toward enabling organisations and their employees to get a handle on the issue.”

According to the Ponemon study, more than 40 percent of organisations surveyed report having more than 50,000 USB drives in use in their organisations, with nearly 20 percent having more than 100,000 drives in circulation. The study finds that a whopping 71 percent of respondents do not consider the protection of confidential and sensitive information on USB Flash drives to be a high priority. At the same time, the majority of these same respondents feel that data breaches are caused by missing USB drives.

The most recent example of how easily rogue USB drives can enter an organisation can be seen in a Department of Homeland Security test in which USBs were ‘accidentally’ dropped in government parking lots. Without any identifying markings on the USB stick, 60 percent of employees plugged the drives into government computers.  With a ‘valid’ government seal, the plug-in rate reached 90 percent.  

The Ponemon study concluded that a staggering 12,000 customer, consumer and employee records were believed to be lost on average by these same companies as a result of missing USBs. According to a previously released Ponemon report, the average cost of a data breach is $214 per record*, making the potential average total cost of lost records to the organisations surveyed for the Ponemon/Kingston® USB Flash drive study, reach upwards of $2.5 million (USD). Other key findings in the report include:

Evidence of widespread compromise is apparent:
•    Nearly 50 percent of organisations confirmed lost drives containing sensitive or confidential information in the past 24 months.
•    The majority of those organisations (67 percent) confirmed that they had multiple loss events – in some cases, more than 10 separate events.

Oversight and control of USBs in enterprises can be better:
•    Free USB sticks from conferences/trade shows, business meetings and similar events are used by 72 percent of employees’ ? even in organisations that mandate the use of secure USBs.
•    In terms of policies and controls, of the hundreds of IT professionals and IT security professionals polled, only 29 percent felt that their organisations had adequate policies to prevent USB misuse.

The full report can be downloaded from the Kingston website.

About Ponemon Institute
The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organisations in a variety of industries.

About Kingston Technology Company, Inc.
Kingston Technology Company, Inc. is the world’s largest independent manufacturer of memory products. Kingston designs, manufactures and distributes memory products for desktops, laptops, servers, printers, and Flash memory products for PDAs, mobile phones, digital cameras, and MP3 players. Through its global network of subsidiaries and affiliates, Kingston has manufacturing facilities in California, Taiwan, China, Malaysia and sales representatives in the United States, Taiwan, China, India, Australia, New Zealand, Vietnam, Europe, Russia, Turkey, and Latin America. For more information, please visit www.kingston.com/anz.