Skip to main content

Businesses are not encrypting USBs, risking huge fines

(Image credit: Image Credit: Sergey Nivens / Shutterstock)

UK businesses are putting almost no effort into securing the data they keep on USB drives, which is not in line with what GDPR demands, potentially putting them at risk of being hit with huge fines.

That's according to data storage firm Kingston, which concluded after polling 480 employees from companies in various industries. 

The storage solutions company says a fifth (20 per cent) of companies don't plan on improving their security posture. More than 80 per cent of USBs employees use in the UK don't use hardware-based encryption. More than a quarter (27 per cent) of these drives are used to store sensitive data.

To make matters even worse, almost four in ten (38 per cent) of employees admitted they lost a USB drive, or it was stolen from them. Out of the USBs gone missing, in 70 per cent of cases employees didn't know what happened to them.

Six in ten employees said their organisation used five or more USBs.

“Employees should also be encouraged to use hardware-based encrypted drives in order to provide a vital extra layer of protection against data leaks. Remote management of that data helps to safeguard the company from any drive that might be lost inadvertently, giving employees and companies peace of mind that their data is secure.”

The GDPR, or General Data Protection Regulation, is set to come into force in May 2018 and will regulate how businesses handle their data. 

Image Credit: Sergey Nivens / Shutterstock