Organisations unaware of pocket-sized dangers

Have you ever thought that the innocent use of your i-Pod may just put the security of your entire company in jeopardy?

A study published by security software supplier BeCrypt has found that 85 per cent of UK employers have given scant thought to how their workers use portable USB devices. BeCrypt believes that, by having no security policies to control the increased use of these gizmos, many companies are left exposed to malicious attacks.

But it is not only deliberate acts of espionage and sabotage that are causing worry. Also of concern is the apparent naiveté of workers. More than half of the employees surveyed had connected devices to computers at work in order to take data offsite, and a similar figure claimed ignorance over the impact the misuse of portable USB devices could have on data security. When you reconcile these statistics with the fact that a quarter of those surveyed admitted to having lost portable USB devices, the conclusion must be reached that there is ample opportunity for chunks of classified data to go walkabout.

As BeCrypt's CEO Peter Jaco put it: "Sloppy security policy is making the rise of USB devices a real menace for British employers."

A recent report by IT analysts Gartner echoes BeCrypt's warnings. Ruggero Contu, the creator of the report, wrote: "Companies should forbid the use of uncontrolled, privately-owned devices with corporate PCs."

This is certainly a solution that appeals to the US Department of Energy and the British Ministry of Defence. The two institutions have both been quick to outlaw i-Pod usage. But are fears artificially heightened? If we should be afraid of i-Pods, shouldn't we be equally as worried about CD burning, email, printers and the good old ballpoint and notepad?

"The difference with portable USB devices is the scope they offer individuals with criminal intent," said Jaco. "With a 40GB i-Pod you can swiftly steal an awful amount of information.

"Also, portable USB devices raise the chances of honest mistakes occurring. Tiny flash drives are becoming ubiquitous. They're certainly easy to store information on and also incredibly easy to lose."

But there is the feeling that the suspicion these fears breed could be counter-productive in the workplace.

Barry Hugill, director of communications for human rights organisation Liberty, said: "While we understand the need for companies to monitor the activities of their employees, we're wary of hysteria. If a company implements stringent measures on its workforce, it might find that a lot of people won't want to work for it.

"Above all, there needs to be a degree of trust between employer and employee," he concluded.