Easy. Don't allow the use of USB flash drive security devices :-)
More seriously; as mice and keyboards now invariably use USB interfaces, totally disabling USB ports is now impractical. And of course, USB sticks can be a very useful form of portable storage.
Instead, you need to implement proper USB flash drive security and device management so that you can control how the storage devices are used. Fortunately, many commercially available USB access control products allow you to define what types of USB device are permitted by which user.
These flash drive security solutions let you apply granular access controls that restrict the use of USB ports. For example, you could allow regular staff to use USB keyboards and mice, but also prevent any use of USB hard drives, iPods, USB memory keys etc. -- in other words, the kind of device that could be used to pinch or copy data.
If USB use is required for a genuine business purpose, then consider having a process by which senior IT staff can write data to USB keys on controlled machines. Further ensure that only strongly encrypted USB keys are permissible for use, so the occasional, inevitable loss presents no significant issue.
Finally, keep an audit log of what's on which USB key. Ensure, too, they are returned to IT and wiped. Bold staff members who want to export the contents of your CRM can still do so if they follow the required process -- but at least you'll have a log of it.
Related Q&A from Ken Munro
Even though employees are told over and over again to not give out their user names and passwords, it doesn't always work. Expert Ken Munro explains...continue reading
Expert Ken Munro explains why the iPhone's lack of encryption features has kept it from being a reliable enterprise device -- for now.continue reading
Letting go of someone with high IT privileges could come back to haunt you, especially in a time when redundancies are likely to occur in every ...continue reading