External drives, thumb-drives and IT security

Hi guys,

Not necessarily a technical question.  One of my clients, an accounting firm, is worrying about a staff person who brings in an outside hard drive and plugs it into an office computer.  Another leaves thumb-drives inserted into the computer when leaving for the night.  They see thumb-drives lying on top of the desk.
Should they worry about their IT security?  What should they be writing in the employee manual?

Please point me in the right direction: links, white papers, documents, etc.

Thank you!
nickt25 Commented:
It really depends on what type of information those employees are handling,
and how trusted those employees are.
It is a general concern of all companies to keep users from hooking up their personal storage devices.
And of course the thumb drive is something to worry about for your IT security.
1. With the personal storage, he is for sure downloading information onto that storage; what needs to be found out is whether he (or she) is saving company information or customer information.
If that is not the case, you can't be sure whether that hard drive has a virus that may affect the rest of your network.

2. With the thumb drive you have lost all control of your equipment, since that person is the only one able to unlock the computer with his finger.
How about if you need to fire that person and need information on that computer?
You can't take it because he is the only one able to unlock it.

So that tells you that with the hard drive it is up to you,
but with the thumb finger he should not allow this.
Tiras25 (Author) Commented:
Nick, the thumb drives are not necessarily for the fingerprint but just for portable storage.  Just like larger external drives.

Do most organisations have manuals in place concerning external drives and thumb sticks?

nickt25 Commented:
Yes, we do.
They have policies on the right use of external storage devices.
But definitely you can't tell people that they can't use them; this is something that you won't be able to control.

But most of the organizations, we have policies in place on the right use of them.

MidnightOne Commented:
"Do most organisations [sic] have manuals in place concerning external drives and thumb sticks?"
Smart ones do. One law office we contract for disables them with a GPO. Only the network administrator has the ability to use a USB stick.
amichaell Commented:
There is a very legitimate concern any time you permit portable storage devices (USB thumb drives, MP3 players, smart phones, etc).  Most companies have lax security on their files, which makes it extremely easy for anyone to plug in a device and copy files.  By their very nature, permitting the use of thumb drives calls into question the confidentiality of data.

You'll want a written policy that expressly prohibits the use of thumb drives.  Make sure this policy has the support of the CEO/executive staff.  IT cannot alone dictate this policy as you'll need the backing of your executive staff to assist with enforcement.  You can then prohibit the use of the drives via GPO.
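
To check whether a GPO restriction like the ones mentioned in this thread is actually in effect on an office PC, the following audit script is an added example, not code posted by any participant. It assumes a Windows machine and an elevated PowerShell session; `Get-RegValue` is a helper defined here, and the registry locations are the standard ones written by the Removable Storage Access policy settings and the USB mass-storage driver.

```powershell
# Added example: audit one Windows PC for removable-storage restrictions.
# Read-only; run in an elevated PowerShell session on the machine being checked.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Written by the "Removable Storage Access" Group Policy settings.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
# Device class GUID used by the "Removable Disks" deny settings.
$diskClass  = Join-Path $policyRoot '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'

$report = [ordered]@{
    # "All Removable Storage classes: Deny all access"
    DenyAllClasses   = (Get-RegValue $policyRoot 'Deny_All') -eq 1
    DenyDiskRead     = (Get-RegValue $diskClass 'Deny_Read') -eq 1
    DenyDiskWrite    = (Get-RegValue $diskClass 'Deny_Write') -eq 1
    # Start = 4 means the USB mass-storage driver is disabled outright.
    UsbStorDriverOff = (Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start') -eq 4
}
# Copying files out is blocked if any one of these three is set.
$report['WritesBlocked'] = $report.DenyAllClasses -or $report.DenyDiskWrite -or $report.UsbStorDriverOff
[pscustomobject]$report | Format-List

# USB storage devices this machine has recorded (model and serial),
# useful evidence when drafting or enforcing the written policy.
$enum = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
if (Test-Path $enum) {
    Get-ChildItem $enum | ForEach-Object {
        $model = $_.PSChildName
        Get-ChildItem $_.PSPath | ForEach-Object {
            [pscustomobject]@{
                Model        = $model
                Serial       = $_.PSChildName
                FriendlyName = Get-RegValue $_.PSPath 'FriendlyName'
            }
        }
    } | Format-Table -AutoSize
} else {
    'No USB storage devices recorded on this machine.'
}
```

If `WritesBlocked` is False on a machine that should be covered, the policy is not reaching it; `gpresult /r` on that machine shows which GPOs were applied.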