IBM are reported to have banned all Removable Storage Devices
The digital revolution we find ourselves in the midst of means continuous, fast paced changes in the way we compute and connect. The use of Removable Storage Devices (RMDs) seem to be the next item on the list of changes taking place. Last week IBM announced a ban on the transfer of data to RMDs for staff through-out its worldwide operations.
With ever mounting awareness around cyber-security IBM’s chief information security officer Shamla Naidoo is quoted as branding the ban as
‘‘a move towards minimising the risk of financial and reputational damage from misplaced, lost or misused removable portable storage devices’’.
This is not the first time an organisation has banned or reduced the use of RMDs. According to The Register, the ban was already in place for sometime within some IBM departments. Almost certainly this is a trend we will see increasing going forward especially with the high penalty implications associated with the GDPR.
Removable storage devices include the following
- USB Drives (Pen Drives, Portable Hard Drives)
- Smartphones, music players and similarly equipped handheld devices
- SD Cards
- Optical Media (CDs, DVDs, BluRay)
RMDs have for some time now been seen as a major source for transmitting infected software. There have been many high profile cases of malware being spread through USB devices examples include the Stuxnet worm and Flame.
A good antivirus software (we recommend Avast) will be able to scan RMDs for known infections. While this in most cases mitigates the problem of introducing malware to the system, it does not prevent employees from losing or walking out the door with valuable data.
It is also worth noting that under the new GDPR, USB and removable media should be part of your data protection plan
Under new GDPR guidelines any removable media used in relation to client data should be encrypted.
IBMs decision has been debated across internet forums over the last week. There are a lot of concerns as to the feasibility of a wide scale ban on such devices with negatives associated with lowered productivity and efficiency. A ban in certain areas, however, does appear to be favourable, though and perhaps even a move more organizations should consider for the safety of both their own and their client’s data.