…even though 91 per cent say encrypted USB drives should be mandatory. For the second consecutive year, employees are aware of the risks associated with inadequate USB drive security – but aren’t following best practices.
Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB data storage devices, recently announced results of its latest report, “The State of USB Data Protection 2019: Employee Spotlight.” The report revealed that for the second year in a row, employees are aware of the risks associated with inadequate USB drive security – yet aren’t following best practices. The survey report, which polled nearly 300 employees across industries including education, finance, government, healthcare, legal, retail, manufacturing, and power and energy, examined year-over-year trends of USB drive usage, policies and business drivers.
The report reveals that while employees have been the main driving factor behind the use of USB drives in the workplace (according to 68 per cent of respondents), employees have also been placing their organizations at significant risk. For example:
- While 91 per cent of respondents claimed that encrypted USB drives should be mandatory, a full 58 per cent of respondents confirmed that they regularly use non-encrypted USB drives
- Meanwhile, although 64 per cent of organizations have a policy outlining acceptable use of USB devices, 64 per cent of respondents said their employees use USB drives without obtaining advance permission to do so
- Furthermore, in yet another example of employees discarding best practices and policies, nearly half of employees lost a USB drive without notifying appropriate authorities about the incident.
Beyond these unfavorable findings, one of the most alarming statistics was the fact that employees are taking more security shortcuts than ever before. By comparing the key results of this survey against Apricorn’s previous USB data protection report, several troubling trends emerge, including:
- A higher percentage of employees are using USB drives without obtaining advance permission to do so: 64 per cent in 2018, compared to 57 per cent in 2017.
- There has been an increase in the percentage of employees that aren’t notifying appropriate authorities after losing a USB drive: 48 per cent in 2018 versus 39 per cent in 2017.
- In another example of employees unknowingly putting their organizations at risk, there was an uptick in the proportion of employees that use non-encrypted USB drives, such as those received “free” at conferences: 58 per cent in 2018, compared to 56 per cent in 2017.
One encouraging positive trend: there was a 24 per cent drop in the number of organizations regularly using non-encrypted USB devices (58 per cent in 2018, compared to 82 per cent in 2017). It is crucial that this percentage continues to drop, considering that the Ponemon Institute estimated that the average total cost of a data breach increased by six percent between 2017 and 2018, to $3.86M per breach.
“Organizations need to be more vigilant than ever about data protection, and this isn’t simply due to the increased sophistication of attackers, but also the significant unintended risk organizations are exposed to by their employees,” said Mike McCandless, Vice President of Sales and Marketing at Apricorn. “Our report confirms that while employees have good intentions for USB device security, their employers need to implement strict security policies to defend against the shortcuts employees will invariably take. And beyond policies and procedures, organizations would be wise to reinforce that their employees use encrypted USB drives that require a unique PIN.”
To download the full report, “The State of USB Data Protection 2019: Employee Spotlight,” please visit: https://www.apricorn.com/media/2019surveyinfographic.pdf
Apricorn surveyed nearly 300 employees from industries including education, finance, government, healthcare, legal, manufacturing and retail in the fourth quarter of 2018. This survey was completed online, and responses were random, voluntary and completely anonymous.
Headquartered in Poway, California, Apricorn provides secure storage innovations to the most prominent companies in the categories of finance, healthcare, education, and government throughout North America, Canada and EMEA. Apricorn products have become the trusted standard for a myriad of data security strategies worldwide. Founded in 1983, numerous award-winning products have been developed under the Apricorn brand and for a number of leading computer manufacturers on an OEM basis.