CIO Symmetry

May 20 2010   9:42PM GMT

USB memory sticks spark concern — but still prove hard to pass up

Kristen Caretta Kristen Caretta Profile: Kristen Caretta

“Is this safe?” seemed to be the first question out of everyone’s mouth when a colleague of mine was handing out USB memory sticks at the recent MIT Sloan CIO Symposium.

The tiny memory sticks did not contain malicious material — only tips and information on health IT — but practically everyone had a story to tell of how they had been burned in the past by the innocuous-looking swag.


One CIO of a midsized pharmaceutical company told me that he had just gone through a memory stick nightmare the day before. A USB stick he had been expecting from one of his vendors arrived in the mail and no one thought twice about using it. “You’re supposed to trust these people,” he said.

Turns out, the stick was infected. The infection (he declined to share exactly what it was) soon spread through part of his company’s network and cost four hours of cleanup time that day.

“I will never trust these things again,” the CIO said, “especially the ones you get at conferences, because you really have no idea where it’s been or what’s on it.”

Another suspicious passerby told me that he had recently completed some internal security training in his company and was told simply not to use them, period.

While the concern isn’t new (the risks of USB storage devices have been highlighted for a while), I have to admit I was surprised by the number of people who had something to say about it. Of the 25 or so people I interacted with firsthand on this topic, I would say at least 20 of them questioned the security of the small handout.

More surprisingly, however, was the number of the people who had a horror story (or knew of someone who did) and still took the drive. In fact, I only saw one person refuse it.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: