The old security chestnut of lost USB sticks is back in the news again, with reports of a stick containing a safety assessment of a nuclear power plant in North-East England going walkabout from the Office for Nuclear Regulation (ONR).
The unencrypted USB stick contained a 'stress test' safety assessment of the Hartlepool plant, but the ONR - undoubtedly playing the incident down - has said the stick did not contain significantly sensitive data.
According to Cryptzone, however, the fact that the data was also available on the Internet is actually a red herring, as the real point here is that the ONR employee should not have been using an unencrypted USB stick.
Grant Taylor, UK Vice President of the European IT threat mitigation specialist, says that it is all very well that the ONR has pronounced that the use of unencrypted devices for transporting documents with a security classification is not allowed, but there should be security systems in place to both stop these incidents from happening - and other technologies such as automated encryption to back up those systems.
"These unprotected USB stick loss incidents have been in and out of the news for some time. Back in January, for example, the ICO and its counterpart in the Isle of Man slammed a healthcare firm called Praxis Care, following the loss of a USB stick containing personal information on 160 patients," he said.
"And in early February, East Lothian Council was hit by a large penalty after the details of more than 1,000 school pupils were lost when a USB stick went for a stroll. Then, if you look further back, there have been numerous incidents involving these digital equivalents of floppy disks over the last few years," he added.
The Cryptzone UK Vice President went on to say that the complexity of USB sticks is also starting to rise, as is the level of storage one can buy for under ten pounds - the petty cash limit in most offices.
We are, he says, starting to see the arrival of GPS/GSM-enhanced USB sticks, which - like an Apple iPhone - can be tracked as they move around in someone's briefcase, purse or pocket... but this is not a cheap hobby, he notes. Furthermore it locates but does not necessarily secure the data.
Using encryption and policy-based network/IT resource security is a lot cheaper - and far more cost-effective, he adds, as the marginal cost of enrolling a USB stick in a security programme is very little, when most solutions offer a level of automation, which minimises human intervention.
Sign up for Computerworld eNewsletters.