The decision of the titan technology IBM to prohibit all of their employees that use any type of removable storage device within their facilities, including USB drives, SD cards and flash drives. According to multiple reports, the company informed the employees about the change in written form, stating that the new policy is to prevent leaks and safety violations.
“The potential financial damage and reputational, due to portable storage devices removable lost or misused must be minimized,” according to the report of the chief of security of the information Shamla Naidoo.
To reduce the risk of information leaks, #IBM bans in their workplaces the use of portable storage devices, such as USB and SD cards https://t.co/yWXz2tZqpU via @helpnetsecurity pic.twitter.com/cOOna8FmGt
— UNAM-CERT (@unamcert) May 14, 2018
The decision came as a surprise to the technology industry and raised the question of how much other companies should share the decision of IBM and be protected by prohibiting its employees to use this type of device.
Experts have warned about the risks to any company to make a decision as dramatic by the difficulties that implies for the processes of the employees and the change of habits of work that entails
Does the USB are a real danger for companies?
According to security expert Kevin Beaumont consulted by the BBC, the USB and other removable storage devices do represent a risk for all companies seeking to protect data, “which tends to be very easy to extract data from the company through them.”
For shows, all the recent leaks of confidential information that causes the scandals in the media, including the bombing of Facebook and Cambridge Analytica or the history that made Edward Snowden in 2013, when he made public thousands of classified documents by the u.s. National Security Agency (NSA) about the surveillance programme PRISM and the violation of privacy and Internet freedom of millions of americans.
Beamunt also explained that one of the other dangers involve is the insertion of any malicious software (malware) on computers or systems of the company. In fact, the computer security company Panda Security, based in Spain, explains in its website that “any USB storage device into an office can put in risk the security of the entire organization.”
In counterpart, another expert also quoted by the BBC, Sumir Karayi -director of the company is also security 1E – ensures that forbidding the use of USB and other devices similar there is no guarantee that the information extraction is not done.
“”Banning the USB will not prevent people steal data,” said Karayi. “As to the [possible] losses, a laptop computer, a NAS device (network attached storage) or an FTP server is equally easy to misplace”.
As it is, it is expected that the measure is fully implemented by the end of may and it will be interesting to know how it works in the case of IBM, and if other companies decide to follow in their footsteps.