As you read this, users are winding up their holidays and heading back to the office. The trouble is that they’re bringing security risks with them — you can count on it. That is, all those users are bringing all the cool new electronic gadgets they received as holiday gifts. The cool gadgets this year […]
As you read this, users are winding up their holidays and heading back to
the office. The trouble is that they’re bringing security risks with them
— you can count on it.
That is, all those users are bringing all the cool new electronic gadgets
they received as holiday gifts.
The cool gadgets this year span a broad spectrum: PDAs, USB memory
sticks, personal MP3/media players, smart mobile phones (many with
cameras built in), wireless adapters, Bluetooth devices and digital
cameras. The two common themes in the above list are memory capacity and
data connectivity, and those two ingredients can add up to significant
security risks for your business.
Now, I’m as much a ”gadget guy” as anyone I know, and truth be told,
there is great business benefit to be gained from most of these devices.
PDAs can be enormously useful at organizing a busy business, along with
schedules and priorities, both professional and personal. USB memory
sticks have all but done away with floppy and Zip disks. Even those
personal MP3 players can make long business flights a little less
intolerable — trust me!
You can be sure that corporate users are going to try to integrate these
cool devices into their work lives. Your job is to enable that to happen
— to the extent that you feel is reasonable, — while safeguarding your
company’s business concerns. So, just what are the threats from these
devices? Let’s take a quick look and separate the reality from the FUD
(Fear, Uncertainty, and Doubt) that litters the popular press.
of company information and insertion of unauthorized, possibly malicious,
software. Storage devices have gotten smaller in size and larger in
capacity. I carry a 1 G USB stick with me that is about the size of a pen
cap. When you combine that with the lightning fast USB 2.0 interface, you
have a device that would enable a criminal to steal your company’s data
very quickly and with little chance of being noticed.
”autorun” facility provided by many Windows-based operating systems.
(Autorun looks at a file called ”autorun.inf” on the drive, and
executes the commands in it.) Disabling autorun is quick, easy, and well
documented, but doing so for a USB drive might cause difficulties, if the
device driver doesn’t load.
may well be opening up connectivity to your company’s network, completely
bypassing any firewall or other policy-enforcing mechanisms. That can
result in theft of data, theft of service, etc.
All of these risks are quite real.
The likelihood of them affecting your company depends on a whole bunch of
things. Without a doubt, the decision of whether or not to accept these
devices in the workplace must be made by each company after carefully
considering the potential benefits of allowing these gadgets against the
potential risks they would carry.
There are a few things that you can consider doing, however, that should
reduce — although not eliminate — the risks. Here’s my list:
mandatory in tightening a Windows system. As I mentioned above, it may
lead to some difficulties with USB drives, but it does at least provide a
first level of protection against running rogue software on a system.
bound to be an unpopular decision among your users, but in some
environments it may be justified.
environment, consider rigorous event monitoring (and centralized
collection/analysis) of user activity on USB ports and devices. It
requires you to have monitoring infrastructure in place, but that might
be a lot easier to do than explaining to the VP why she can’t use her new
USB drive. And, of course, it’s much easier on desktop systems than on
laptops and notebooks…
unacceptable to you, then consider setting up a designated workstation
where users can plug in their USB devices. That system should be hardened
and closely monitored, but it would isolate the threat to one system.
(This is assuming that USB hardware is disabled/removed on all other
systems.)
market that can help you detect unauthorized devices the moment they are
turned on. Some will even actively prevent the unauthorized devices from
functioning. Then, once the device configurations are reviewed and
approved, they can be added to the authorized list.
you’re doing about USB and wireless devices. They should include policies
on acceptable computer/network use, cameras, personal devices, remote
connectivity, etc.
It should be obvious that this list is just a quick ”fly by” of some of
the possible remediations that you can consider. And, of course, there’s
no substitute for other good computing hygiene practices, such as
anti-virus software and personal firewall devices.
The main point I’m trying to make is that the gadgets are inevitable.
Ignoring them won’t make them go away.
Similarly, there aren’t any perfect solutions that remove all of the
threats that go along with them. But your users are going to want to use
them, for good and valuable business reasons in many cases. You can
prohibit them if that’s what your computing environment requires, or you
can find ways to reduce the risk and embrace them.
As for me, you’d have to pry my PDA and USB drive from my cold, dead
hands.
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
