UK firms naive to USB stick dangers

25 Jan 2007 View Comments
A Computing logo
Picture of USB stick

Half of UK companies are prepared to put their network security at risk by inserting a USB stick posing as a party invitation, according to research published this week.

IT consultancy NCC targeted finance directors from 500 listed firms in a range of sectors in a security awareness campaign, with USB sticks forming part of an anonymous invitation saying ‘For Your Chance to Attend the Party of a Lifetime’.

More than 47 per cent of finance directors and some 65 per cent of media companies inserted the unidentified memory stick into their computers.

Paul Vlissidis, head of penetration testing at NCC Group, says inserting the stick could have jeopardised sensitive information, such as personal details of customers and employees as well as confidential corporate financial data.

‘A real hacker could target the user’s credential using Trojan Horse technology and plant keystroke loggers to capture the user’s password,’ he said.

Technology, retail and transport firms showed themselves to be the most security aware, with between 38 and 39 per cent of finance directors inserting the memory stick.

Graham Titterington, principal analyst at Ovum, said: ‘USB sticks are a potential danger for taking data out as well as getting malware into companies.’

‘With USB sticks from an unknown source you should always run a virus check before you run any program.’

What do you think? Email us at feedback@computing.co.uk

Management tools need a sanity check

New options for securing USB devices

Reader comments
blog comments powered by Disqus
Newsletters
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

35 %
31 %
14 %
20 %