Should I Have A Formal Security Policy About USB Devices At Work?

The flow of data in and out of the workplace is amazing these days.

With all of the wireless networks and tiny storage devices it is hard for an IT manager to keep track of them all.

Unfortunately, if you want to keep your data secured, you must be able to keep track of these types of situations.

All of the ways that people use to store their data are potential security leaks that must be able to be contained at a moments notice.

This is why you must have a formal security policy at the job when it comes to items such as this.

Formal Security Policy

If a person is able to put whatever data that they would like onto these devices you will never know who will get their hands on them.

The problem with most of these devices are that people lose them all of the time.

Even if you have an employee that is not being malicious and truly wants to take the data home to work on it there could still be a major security leak waiting in the wings.

If they are taking a piece of secret company data home in their pocket and they go to a bar that people in the industry hang out there could be consequences.

What if the employee leaves the USB device there?

Then a competitor could get a good portion of your companies secrets.

That could lead to a huge disaster for future product launches and ideas.

This is why you must make sure that an employee has to log in whenever they are in a part of the server that has top secret information.

Also you must let them know which kind of data they can and cannot take home with them to work on.

If they have forbidden data on the USB drive there would be no way that they could say that they didn’t know it wasn’t allowed.

If the person is caught with it or loses it it could serve as a mean to fire them.

If there is no formal policy against this kind of activity then the person could simply say that they didn’t know and legally they would be fine.

A firm, hard, official company wide stance would leave the person with no wiggle room.

Lock Out The USB Ports

If you wanted to take the policy to the extreme, you could also eliminate the ability of people to store data from a USB port on their work computer.

If they want data at home, then they can log in for it.

When they log in, they would leave an IP address and log in credentials.

This would help you keep better info on who got what data.

If you need workers to have access to data on the server to their job then you should make sure that you have formal policy in place.

Especially if it involves USB devices.

These tiny little devices can lead to a world of trouble.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. […] then here are a few things that you can do.First, if you are talking about being at work then you should have a policy of no outside USB devices. These devices are not very reliable as far as security goes and it just makes everything a little […]

  2. […] This post was mentioned on Twitter by HTCIA, Lee. Lee said: Should I Have A Formal Security Policy About USB Devices At Work? […]

Speak Your Mind