bCentral Home
Your Online Business Center

Avoid the Memory Card Menace

The risks in removable media

Everyone is familiar with the humble floppy disk. For many people, it is the main way to transfer data between computers. My wife still uses floppies to transport the plays she writes to different theatres. But in comparison to the latest technology, a floppy disk is so primitive it might as well be a stone tablet. People's perception of risk hasn't caught up with what is now possible.

For example, you can store 512MB in a secure digital card the size of a postage stamp. This is the equivalent of 364 floppy disks or an encyclopaedia or (more worryingly) a complete customer database plus a copy of all your company's correspondence. Pen drives, MP3 players, digital camera memory cards, removable hard disks, CD and DVD writers all allow staggering amounts of data to be transferred quickly and easily. And you might not even know it's happened. Even if the data is being transferred for legitimate reasons, the loss or theft of the portable device that carries it is still a risk.

A recent survey found that such removable media were used on 85% of business networks, with many employees using them to transfer work between home and office PCs. However, a vast majority of firms had no policies to prevent or manage the use of removable media. A few organisations, such as the RAF, have very strict policies and enforce them with all the rigour that military discipline can impose.

The sponsors of the survey, Reflex Magnetics, have developed software that can control users' ability to copy data to removable devices. However, there are things that a small business can do without spending a lot of money or getting the RAF to frisk your employees.

Removing the Risk of Removable Media

'The very first thing they need to do is a bit of risk analysis,' says Andy Campbell, MD of Reflex Magnetics. They should 'look at their business critically - what are we storing on the network, what access do we give, do we want that data easily transported out of the office?'

The key step is to control access to data. Make sure that you have a strict password policy and restrict access to workstations so you can prevent unauthorised access to data

Compartmentalise data on the server. Does everyone need full access to the customer database or accounts? Are there ways you can make it difficult to copy whole chunks of data - perhaps you can give staff access to one client account at a time through a web browser?

Have clear policies about what employees can do with confidential or business-critical data. Educate the workforce

Encrypt corporate data removed from the network

Consider banning digital cameras, MP3 players and other devices that could be used to transfer data

Consider disabling USB ports, removing CD-R drives, floppies, printers and other devices with card readers

Where next

See our security area for general advice and information.

Discover the three basic steps to help ensure your PC is protected.

Sign into Microsoft Small Business+ for free web-based training and software support.

sign in
Security information

Find a local Microsoft Small Business Specialist to help with your IT needs

Microsoft Small Business SpecialistMore info >

What do you want your PC to help you with?

What do you want your PC to help you with?

Free business newsletters - subscribe now

Our free newsletters are packed full of business advice and ideas - plus all the latest news

Security information

Get the latest bulletins and updates direct from Microsoft