The first defence is a vigilant management team – employees intent on doing something malicious are often disenfranchised and frustrated. Insider threats are a concern for all organisations. If you block everyone else, forcing them to change, but let me off the hook so that I really am special, what then? (All they have to do is say they need to record meetings, or that they’re also into podcasting, or that they’ve got a similar issue with a camera that they use for work purposes.) If you make me an exception to the rule, because I’m special on account of doing podcasts, how do you deal with the fallout from that, when everyone else decides they’re special, too?
Security for usb ports mac software#
You can see where this is going: when you connect the device via a USB cable, a menu pops up on the device where you choose which way the device will work, and one of those options makes it behave as a USB drive.ĭo you ban the device because it’s a part-time USB drive? Do you take the extra steps needed to teach your device control software that it’s two subdevices, and that the audio-flavoured one is OK but the disk-flavoured one is not?
Security for usb ports mac portable#
One tricky challenge with an outright ban on USB drives is that there are many different sorts of removable storage – notably including devices that present themselves with two faces.įor example, I have a portable audio recorder that I use for podcasting: you can plug in into a laptop and use it as a high-quality microphone, or you can use it as a handheld standalone device and download the files from it later on. One handy thing about sharing rather than copying content is that it’s much easier to audit and ‘unshare’ if a mistake is made.
Providing sanctioned cloud sharing services as well, combined with the right controls add training, helps further because it can avoid the need to copy data onto USB drives in the first place. Where possible, organisations will be more effective making the easy way the safe way.Įnforcing USB encryption across a company the size of IBM is probably very tricky, but for a company of average size, it’s a good way to mitigate the risk whilst allowing people to work in a way they’re comfortable with. Humans are highly creative and often find workarounds that are more risky than the thing being banned. Outright bans of any useful technology breed “shadow IT”. With Europe’s GDPR kicking in at the end of this month, threatening much bigger fines for companies that don’t take proper care of their data, the timing of IBM’s new rule is hardly a surprise.Īfter all, if you don’t have a USB drive in the first place, you can’t lose it, so that’s one less way for data to show up in the wrong places. 66% of them had malware on, and not a single one was encrypted. To take a quick trip down memory lane: seven years ago we bought a stash of USB keys from a lost property auction as an experiment. While it’s a less common (but still real!) malware infection vector now, the biggest risk these days is data leakage. We asked our very own CISO, Ross McKerchar, what he thought: Many users are perfectly used to backing data up into the cloud, and even to having files such as photos automatically uploaded from one device and seamlessly synched with another.īut can an outright ban on something as widely used, and as useful, as USB sticks really work? It’s a bold approach, and in the modern cloud era, it’s not as outrageous as it might at first sound. Instead of trying to manage the problem of who copied what to which USB stick from what computer using which type of encryption, word on the street is that IBM’s Chief Information Security Officer (CISO), Shamla Naidoo, has taken a much blunter approach, along the lines of, “If you want to move files around, use the network.”
0 kommentar(er)
