The Salvation Army has installed software to control the use of USB flash drives on its systems after discovering a rise in the number of staff plugging unauthorised memory sticks into the network.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The charity feared the rise would put data at risk because its Windows XP desktops do not offer native support for securing USB ports.
The Salvation Army has a dispersed workforce of more than 2,500 users across the country, which meant it needed a centralised method of controlling the use of USB sticks.
Martyn Croft, head of corporate systems at the Salvation Army, said the charity was securing more than 2,000 access points on its network by deploying SecureWave's Sanctuary endpoint application. This allows administrators to authorise or restrict the use of USB drives using set criteria.
However, Croft said educating users about the need for the system was crucial to making it work for the organisation.
"The security buck has to stop with the IT department, but security has to be collectively pushed throughout the organisation to the end-users - a blanket policy banning the use of USB devices is counter-productive," said Croft.
To gain the understanding and support of users, the Salvation Army has run a series of information security awareness sessions about the need to protect data.
The charity has also used a series of e-learning programmes produced by the Mid Yorkshire Chamber of Commerce and Industry. These sessions have given users a more detailed understanding of topics such as managing passwords, virus vigilance, how to back-up data and how to defend against identity and phishing threats.
"Feedback from these initiatives has been positive, and it has helped staff stay secure both in work and at home when working with IT," said Croft.
The IT department has also issued Salvation Army-branded USB sticks to employees which automatically encrypt any data stored on them.
"We have ensured we create a policy whereby if you do store data on a USB device, you have a duty of care to that data," said Croft.
Comment on this article: e-mail firstname.lastname@example.org