External drives, thumb-drives and IT security

Posted on 2010-01-12
Medium Priority
Last Modified: 2013-11-14
Hi guys,

Not necesserily and technical question.  One of my clients, an accounting firm, worrying about the staff person brings in an outside hard drive and plugs it into an office computer?  Another leaving thumb-drives inserted into the computer and leaving for the night.  They see thumb-drives laying on top of the desk.
Should they worry about their IT security?  What should they be writing in the employee manual?

Please point me in the right direction, links, white paper, documents, etc.

Thank you!
Question by:Tiras25
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 13

Accepted Solution

Brum07 earned 400 total points
ID: 26297981

Assisted Solution

nickt25 earned 800 total points
ID: 26298056
it really depends on what type of informations those employe are handling.
and how trusted are those employees.
is a general concer of all companies to avoid users to hook their personal storages devices.
and of course the thumb driver is a fact to worrie about your it secutirty.
1. the personal storage he is for sure downloading information into that storage, what  need to be find out is if he (her) is saving company information or customer information.
if is not the case  you cant make sure if that hard drive have virus and may affect the rest of your network.

2. with the thum drive you have lost all control of your equipment. sicne that person is the only one able to unlcok the computer with his finger.
how about if you need to fire that person and need information on that computer ?
you cant take it becaue he is the only one able to unlock it

so ttat tells with the hard drive is  up to you.
but with the thumb finger he should not allow this.
LVL 17

Author Comment

ID: 26298101
Nick, the thumb drives are not necesserily for the fingerprint but just for a portable storage.  Just like a larger external drives.

Do most organisations have manuals in place concerning external drives and thumb sticks?
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?


Assisted Solution

nickt25 earned 800 total points
ID: 26300120
yes we do
they have policies of the right use of external storages devices.
but definitely you cant tell people that they cant use it, this is something that you wont be able to control.

but must of the organizations we have policies in place of the right use of it

LVL 26

Assisted Solution

MidnightOne earned 400 total points
ID: 26300162
Do most organisations [sic] have manuals in place concerning external drives and thumb sticks?                          
Smart ones do. One law office we contract for disables them with a GPO. Only the network administrator has the ability to use a USB stick.
LVL 14

Assisted Solution

amichaell earned 400 total points
ID: 26310133
There is a very legitimate concern any time you permit portable storage devices (USB thumb drives, MP3 players, smart phones, etc).  Most companies have lax security on their files, which makes it extremely easy for anyone to plug in a device and copy files.  By their very nature permitting the use of thumb drives calls in to question the confidentiality of data.  

You'll want a written policy that expressly prohibits the use of thumb drives.  Make sure this policy has the support of the CEO/executive staff.  IT cannot alone dictate this policy as you'll need the backing of your executive staff to assist with enforcement.  You can then prohibit the use of the drives via GPO.

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question