IBM’s tip top security person, Shamla Naidoo, wrote everyone a nice letter saying that the company:
“is expanding the practise of prohibiting data transfer to all removable portable storage devices.”
Some bits of IBM have had this policy for a while, but now it’s going worldwide.
Not that you need to be told this, but IBM’s doing this because obvs you can do lots of Naughty Things if you can persuade someone to plug in a USB stick which is loaded with nefarious w4r3z.
Along with idiots taking USB sticks from bigger idiots at trade shows, there’s a long history of exploits being pushed into enterprise via interlligence-challenged employees. People used to drop them in carparks hoping a suitably idiotic dumb-dumb would put it into their machine. It worked.
Employees are being told to replace the convenience of swopping important spreadsheets and cat fail gifs on USB with their own sync and share service to distribute the aforementioned cat fail gifs between departments.
Hilarious videos of cats falling off things aside, how will this impact staff? Well, as with many companies, staff need to download patches so they can be installed on client machines. Guess how they get the patches onto the client boxes? Uh huh. USB sticks.
As of today, there was still advice on their website on how to install Red Hat on a server using… yes you guessed it… a USB stick.