A flash drive is described by Wikipedia as “flash memory data storage devices integrated with a USB (universal serial port) interface”. Flash drives can hold from 32 megabytes to 64 gigabytes. They are very compact, lightweight, removable and rewritable.
These devices can be used to upload data to a PC, be it malicious or informative, to copy information and move it from one PC to another, or to copy data and take it offsite.
This is becoming a problem for network administrators in financial institutions and other companies that store sensitive customer information.
When a flash drive is plugged into a USB port, the operating system automatically recognizes it, loads the device driver, and allows file transfers with Windows Explorer or similar applications.
What to do?
Set up training to make personnel aware of the positive and negative aspects of flash drives.
Write a policy that incorporates the following concepts:
Forbid the use of flash drives except by personnel who have been approved by the bank's technology group or network administrator. Incorporate guidelines for repercussions if employees are found using unapproved flash drives.
No customer data is to be taken offsite unless for approved business purposes. If the flash drive is taken offsite, ensure it is encrypted.
Personnel are not allowed to upload data from a flash drive to a PC from an unknown source without the network administrator's or technology supervisor's approval.
Additional items to be considered:
The financial institution can supply flash drives to approved personnel. The supplied flash drives will be encrypted and password protected.
Install software on the network that will detect and block any storage device that is not approved by the Information Technology Department. Using Group Policies in Windows to disable USB ports is not a workable solution.
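The approval check that such detection software has to make can be sketched as follows. This is an added example, not code from the original article or from any particular product; the approved serial number and the sample device IDs are constructed, and collecting the IDs from real PCs and enforcing the block are left to the endpoint software.

```python
import re

# Constructed allowlist: serial numbers of drives issued by the IT department.
APPROVED_SERIALS = {"4C530001234567890123"}

# Windows device instance ID for USB mass storage:
#   USBSTOR\Disk&Ven_<vendor>&Prod_<product>&Rev_<rev>\<serial>&<lun>
INSTANCE_RE = re.compile(
    r"^USBSTOR\\Disk&Ven_(?P<vendor>[^&\\]*)&Prod_(?P<product>[^&\\]*)"
    r"&Rev_(?P<rev>[^&\\]*)\\(?P<instance>[^\\]+)$",
    re.IGNORECASE,
)

def classify(instance_id, approved=APPROVED_SERIALS):
    """Return (verdict, detail) for one device instance ID."""
    m = INSTANCE_RE.match(instance_id.strip())
    if not m:
        return ("not_usb_storage", None)
    instance = m.group("instance")
    # If the second character is '&', the drive reported no unique serial and
    # Windows generated the ID, so it cannot be matched to an issued drive.
    if len(instance) > 1 and instance[1] == "&":
        return ("blocked_no_serial", instance)
    serial = instance.rsplit("&", 1)[0].upper()
    if serial in approved:
        return ("approved", serial)
    return ("blocked_unapproved", serial)

def audit(instance_ids, approved=APPROVED_SERIALS):
    """Return (instance_id, verdict, detail) for every device to block."""
    findings = []
    for iid in instance_ids:
        verdict, detail = classify(iid, approved)
        if verdict.startswith("blocked"):
            findings.append((iid, verdict, detail))
    return findings

# Constructed sample inventory: issued drive, drive without a serial,
# unapproved drive, and a non-storage USB device that must be ignored.
SAMPLE = [
    r"USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.26\4C530001234567890123&0",
    r"USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\7&2a1b3c4d&0",
    r"USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP\60A44C413A8FE310A9A50042&0",
    r"USB\VID_046D&PID_C52B\5&1f2e3d4c&0&2",
]

if __name__ == "__main__":
    for iid, verdict, detail in audit(SAMPLE):
        print(f"{verdict:20} {detail:28} {iid}")
```

Drives that report no serial number are blocked rather than approved, because an allowlist keyed on serial numbers cannot tell one such drive from another.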